Risk Management

A. Definition
B. Risk Management Work Process
C. Risk Classification (Risk Response)
D. Risk Management Definitions
E. Additional Definitions
F. Institute

A. Definition

Risk is the possibility of a negative impact arising from an unknown event or a situation of uncertainty. Risk is the measure of human injury, environmental damage, or economic loss in terms of both the incident likelihood and the magnitude of the loss or injury. Risk can also be defined as the intentional interaction with uncertainty, which may lead to a potential, unpredictable, unmeasurable, and uncontrollable outcome.

According to ISO 9000, Risk is the “effect of uncertainty on an expected result” and an effect is a positive or negative deviation from what is expected. What this means is explained below. This definition recognizes that all of us operate in an uncertain world. Whenever we try to achieve something, there’s always the chance that things will not go according to plan. Sometimes we get positive results, sometimes we get negative results, and occasionally we get both. Because of this, we need to reduce uncertainty as much as possible. Uncertainty (or lack of certainty) is a state or condition that involves a deficiency of information and leads to inadequate or incomplete knowledge or understanding. In the context of risk management, uncertainty exists whenever the knowledge or understanding of an event, consequence, or likelihood is inadequate or incomplete. While this definition argues that risk can be positive as well as negative, a note acknowledges that "the term risk is sometimes used when there is only the possibility of negative consequences".

Risk Management is a work process to eliminate or minimise potential impacts, such as lost money, an extended schedule, or reduced performance, caused by risks or uncertainties. The Risk Management work process consists of risk identification; assessment and analysis (probability, consequence, and impact); treatment classification (risk response); and prioritisation, reporting, monitoring, and controlling. The methods of Risk Classification (response or hedging) are Risk Avoidance (not to take: high probability and high impact); Risk Transfer (Financing, Insurance: low probability and high impact); Risk Mitigation (Sharing, Contingency provision: high probability and low impact); and Risk Acceptance (Taking, Retention, and Unidentified Risk: low probability and low impact).

Risk Hedging is a strategy for reducing exposure to the risks.

Risk Identification is the process of listing potential project risks and their characteristics that could potentially prevent the work, project, program, organisation, or investment from achieving its objectives.

Risk Assessment is a work process of analysing and examining the risk items in terms of their probability of failure (PoF), their consequences of failure (CoF), and their impacts. Risk Analysis is the part of the Risk Assessment work process that evaluates and estimates the risk probability, combining the expected frequency and impact of each risk.

Risk Classification (or Risk Response) is a risk treatment work process that classifies risks by occurrence and impact. A risk can be classified as Risk Avoidance (high probability and high impact), Risk Acceptance (Taking, Retention, and Unidentified Risk: low probability and low impact), Risk Mitigation (Sharing, Contingency provision: high probability and low impact), or Risk Transfer (Financing or Insurance: low probability and high impact).

B. Risk Management Work Process

The Risk Management work process is:

  • Risk identification,
  • Risk Assessment and analysis (probability, consequence, and impact),
  • Risk Classification (risk response), prioritisation, reporting, monitoring, and controlling

The methods of Risk Classification (risk response or hedging) are:

  • Avoidance (not to take): High probability and high impact,
  • Transfer (Financing, Insurance): Low probability and high impact,
  • Mitigation (Sharing, Contingency provision): High probability and low impact, and
  • Acceptance (Taking, Retention, and Unidentified Risk): Low probability and low impact.

C. Risk Classification (Risk Response)

Risk Avoidance is the decision not to take on, or to withdraw from, a particular risk exposure, based on the result of the risk management process (assessment and evaluation). An avoidance risk is a high-probability, high-impact event.

Risk Acceptance is taking a risk with a possible opportunity. For an acceptance risk, both the probability of occurrence and the impact are low.

  • Risk Assumption is taking a minor risk by accepting the dangerous situation or buying insurance, typically in a negligence case.
  • Risk Retention means that the risk is classified as a risk acceptance after the risk management work process has been performed. (Refer to Self Insurance.)

Risk Mitigation is a systematic approach to reducing harmful or bad situations, which can reduce the risk impact (lost money, an extended schedule, reduced performance, etc.). Risk Mitigation is applied to high-probability, low-impact risks.

  • Risk Diversification is the allocation of risk to all participants.
  • Risk Reduction is a risk management method that reduces the risk level (e.g., installing a security system to reduce the severity of a possible loss).
  • Risk Sharing is a risk management method in which risk is distributed with other parties by agreement.

Risk Transfer is a risk management and control strategy that involves the contractual shifting of a risk from one party to another by purchasing insurance or transferring contractual liability.

  • Risk Financing is a contingency arrangement, provisional risk money.

D. Risk Management Definitions

Acceptable Risk is the level of human injury or property loss that is considered tolerable for a given activity by an individual or society.

Acute Risk is a risk arising from a short-term event (e.g., fire, explosion, etc.) or short-term exposure to a chemical or toxic substance.

Aggregate Risk is the total amount of all possible risks across the organisation's or investor's exposure that could result in any kind of negative outcome.

API RP 581: Risk Based Inspection Technology is the recommended practice developed and published by the American Petroleum Institute (API) that provides quantitative procedures to establish an inspection program using quantitative risk-based inspection (RBI) methods for pressurised fixed equipment, including pressure vessels, piping, tankage, pressure-relief devices (PRDs), and heat exchanger tube bundles.

Assumed Risk is 1) a risk that has been identified, analysed, and accepted at the appropriate management level, whereas unanalysed or unknown risks fall under oversight and omissions by default; 2) an affirmative defence that some defendants in personal injury cases may use to argue that they are not liable for the plaintiff's injuries.

Audit Risk is the risk that the auditor expresses an inappropriate audit opinion, or the risk that the procedures carried out by the auditor will not detect matters.

Baseline Risk Assessment is an assessment process to obtain a benchmark of the type and size of potential hazards that have a significant impact on operational activities, processes, and systems-based business functions. The Baseline Risk Assessment focuses on the identification of the risks within a task, process, or activity, usually associated with the management of change.

Commercial Risk

E. Additional Definitions

All Risk Insurance is a type of insurance policy that covers loss from any incident that the policy doesn’t specifically exclude, including damage or loss due to theft, fire, water damage, and natural disasters, among others. All Risk Insurance offers more comprehensive coverage than property and casualty insurance. However, All Risk Insurance policies may not cover every possible risk or peril, so the policy should be reviewed carefully to understand exactly what is covered and what is not. (Also called All-perils coverage.)

Apportionment is the act of sharing something among several, that is, the subdividing of a risk criterion among a number of risk sources.

Bowtie is a graphical risk evaluation method that can be used to analyse and demonstrate causal relationships in high-risk scenarios. The Bowtie method was originated by ICI in the late 1970s.

BowTie Diagram is a risk assessment method for identifying potential hazards that is used to analyse and demonstrate causal relationships in high-risk scenarios. The BowTie Diagram is a visualisation of the path by which a hazard can cause a severe consequence, together with the combination of preventative and mitigative barriers. The BowTie Diagram is a simple and effective tool for communicating risk assessment results to employees at all levels. The diagram clearly displays the links between the potential causes, the preventative and mitigative controls, and the consequences of a major accident. It may be integrated with Layer of Protection Analysis (LOPA).

Building Geographic Risk is the risk to a person who occupies a specific building such as the risk of damage from a hurricane or an earthquake.

Condition Based Inspection (CBI) is the ability to calculate the expected wear rate of equipment or its components to determine the expected life span, which is calculated based on the information obtained from inspection. The optimal replacement threshold is often based on minimisation of long-run average maintenance costs per unit time due to preventive and failure replacements. It is assumed that inspections are performed at equal time intervals and that the corresponding cost is negligible. (As opposed to Risk Based Inspection (RBI).)

Contingency Drawdown is the possible conversion of the project budget category from contingency cost (the amount added to an estimate to allow for items, conditions, or events that are uncertain but will likely result in a cost increase) to risk management, with the contingency decreasing as the project moves toward completion. A Contingency Drawdown plan can be defined by assigning relative risk values to project categories and then releasing contingency as each category progresses and its inherent risk diminishes. Risk analysis and management techniques are used to ensure that the appropriate amount of contingency is maintained through project completion.

Criticality Study

F. Institute

The Institute of Risk Management (IRM) is the leading professional body for Enterprise Risk Management. We help build excellence in risk management to improve the way organisations work. We provide globally recognised qualifications and training, publish research and thought leadership and set professional standards, which define the knowledge, skills and behaviours today's risk professionals need to meet the demands of an increasingly complex and challenging business environment. IRM members work in many roles, in all industries and across the public, private and not-for-profit sectors around the world. We are independent and not-for-profit. (Source: www.theirm.org/)
