Risk management
Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures (at any phase in development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attack from an adversary or events of uncertain root-cause.
Several risk management standards have been developed by bodies including the Project Management Institute, the National Institute of Standards and Technology, actuarial societies, and ISO. Methods, definitions and goals vary widely according to whether the risk management method is applied in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.
The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect or probability of the risk, or even accepting some or all of the consequences of a particular risk.
Certain aspects of many of the risk management standards have been criticized for producing no measurable improvement in risk, even where confidence in estimates and decisions appears to increase.
Method
1. identify, characterize, and assess threats
2. assess the vulnerability of critical assets to specific threats
3. determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
4. identify ways to reduce those risks
5. prioritize risk reduction measures based on a strategy
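As an added illustration of steps 1 to 5 (not part of the original post), the following Python risk register models risk as expected annual loss, likelihood times impact, and ranks candidate controls by risk reduction per unit of cost within a budget; the assets, threats, figures and control names are constructed sample values.

```python
"""Worked risk register for the five-step method (added example).
Risk is modelled as expected annual loss = likelihood x impact.
All assets, threats, figures and control names are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: float   # expected events per year (steps 1-2: threat vs. vulnerability)
    impact: float       # loss per event, in currency units

    def expected_loss(self) -> float:
        # Step 3: risk as the expected consequence of this threat against this asset
        return self.likelihood * self.impact


@dataclass(frozen=True)
class Mitigation:
    name: str
    risk: Risk
    likelihood_factor: float  # residual likelihood multiplier (0.1 = 90% reduction)
    impact_factor: float      # residual impact multiplier
    cost: float               # annual cost of the control

    def risk_reduction(self) -> float:
        # Step 4: how much expected loss the control removes
        before = self.risk.expected_loss()
        return before - before * self.likelihood_factor * self.impact_factor

    def benefit_ratio(self) -> float:
        return self.risk_reduction() / self.cost


def prioritize(mitigations, budget):
    """Step 5: strategy = greatest risk reduction per unit cost that fits the budget."""
    chosen, spent = [], 0.0
    for m in sorted(mitigations, key=Mitigation.benefit_ratio, reverse=True):
        if spent + m.cost <= budget:
            chosen.append(m.name)
            spent += m.cost
    return chosen


# Constructed sample register
PHISH = Risk("customer database", "credential phishing", likelihood=2.0, impact=50_000)
OUTAGE = Risk("payment gateway", "DDoS outage", likelihood=0.5, impact=200_000)
MITIGATIONS = [
    Mitigation("phishing-resistant MFA", PHISH, 0.1, 1.0, cost=20_000),
    Mitigation("security awareness training", PHISH, 0.7, 1.0, cost=5_000),
    Mitigation("DDoS scrubbing service", OUTAGE, 0.2, 1.0, cost=40_000),
]

if __name__ == "__main__":
    for r in (PHISH, OUTAGE):
        print(f"{r.asset} / {r.threat}: {r.expected_loss():,.0f} per year")
    print(prioritize(MITIGATIONS, budget=60_000))
```

Controls that address the same risk are scored independently here; a combined residual figure would multiply their factors together rather than add their reductions.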
Principles of Risk Management
The International Organization for Standardization (ISO) identifies the following principles of risk management:
Risk management should:
1. create value
2. be an integral part of organizational processes
3. be part of decision making
4. explicitly address uncertainty and assumptions
5. be systematic and structured
6. be based on the best available information
7. be tailorable
8. take into account human factors
9. be transparent and inclusive
10. be dynamic, iterative and responsive to change
11. be capable of continual improvement and enhancement
Process of Risk Management
Establishing the context involves:
1. identification of risk in a selected domain of interest
2. planning the remainder of the process
3. mapping out the following:
a) the social scope of risk management
b) the identity and objectives of stakeholders
c) the basis upon which risks will be evaluated, and constraints
4. defining a framework for the activity and an agenda for identification
5. developing an analysis of the risks involved in the process
6. mitigation or solution of risks using available technological, human and organizational resources