Risk and risk factors are among the threats facing a functioning firm or company. The risk-management process involves the systematic application of management policies, practices, and procedures, with the intention of establishing a context of communication and consultation with relevant stakeholders. The treatment, monitoring, and reviewing of risks also comprise identification, analysis, and evaluation. A risk is the possibility of a loss or other adverse event that has the potential to interfere with an organization’s or individual’s ability to fulfill its or his/her objectives. Risk identification ensures that an organization or individual identifies and understands the risks to which it or the person is exposed. It is a process of identifying and analyzing uncertainty in investment decision making. It involves determining what risks exist in an investment and handling them in the way best suited to the investment objectives. Risk can be defined as the possibility that a certain event will happen, and that this event will have an impact on a company or organisation as it seeks to achieve its pre-established objectives. Several forms of risk exist within organizations, such as financial, operational, and human resource risk (Mills, 2004). In order to address such risks effectively, organizations need to approach risk management through the identification, assessment, management, and control of potential situations. In addition, to manage risk effectively there is a need to ensure that risks are not only identified, but also documented and prioritized, and that mitigation is applied when possible (Mills, 2004).
The scope of risk management plan
Termed the Flayton Electronic Risk Management Plan, the plan is based on various specific entities and addresses specific objectives in relation to the organization's readiness for risks. The Flayton Electronic Risk Management Plan is based on assessing the risks and providing a conceptual framework aimed at allocating resources through specific phases. The plan is aimed at offering a clear insight into the project size, based on the project sizing tool, and at allocating financial resources. Based on the case study on Flayton Electronic, an organization under major threat posed by a system based on the data, the plan integrates various resources to develop an effective and efficient project addressing such threats. By assessing the organization's readiness and preparedness after 1500 of the organization's clients were affected by the data breach leading to marginal loss, the plan provides an essential tool setting out a specific timeline and the resources allocated. The plan is aimed at utilizing the allocated $100,000 with a timeline of six (6) months. The budget of $100,000 requires efficient and accountable allocations to facilitate full completion of the project. The plan furthermore assesses the effectiveness of various specific tools used to assess risks and offers specific entities in relation to the project's effectiveness and efficiency.
The Flayton Electronic Risk Management Plan is based on offering a theoretical approach to managing all foreseeable risks, including opportunities and threats. The plan is aimed at integrating and utilizing resources effectively towards maintaining risk exposure at an acceptable level. The following list offers some of the specific objectives of the Flayton Electronic Risk Management Plan in relation to averting, curbing, and maintaining acceptable risks through a detailed framework addressing the risk-prone areas:
- Providing specific strategies and approaches aimed at effectively catering for specific risks within the organization
- Offering a detailed financial allocation plan based on the set timeline
- Providing activities and actions aimed at addressing the specific risk-related notions
- Integrating resources and involving various entities and stakeholders towards developing an effective plan
- Incorporating ideas from various qualified strategists, hence providing a comprehensive plan
The stipulated analysis offers some of the vast objectives that the plan seeks to achieve. Through a comprehensive analysis of the essential aspects and factors that need to be incorporated in the plan, a more exhaustive strategy is deployed.
Risk management and consequence
The establishment of a risk-management process should first begin with the examination of an organization’s management practices. Typically, any risk-management plan requires the inclusion of certain objectives, such as the need to eliminate negative risks and to reduce risks to acceptable levels (David & Wu, 2010). The process of risk management also involves the identification of certain categories of risk. This is because an organisation or company is highly likely to have different categories of analysis. Such risk categories involve technical, project management, financial, external, and compliance risks (Mills, 2004).
According to the research, it is viewed that likelihood, as opposed to the consequences of an event, should be the focus of risk management for risk likelihood enables risk managers or organizations to deal with the outcomes of risk before they occur. Through the creation of scenarios, management is able to contemplate how to deal with the outcome of risk as well as to ascertain its source and threat level. Focusing on consequences does not provide this flexibility as the organisation or risk manager is limited and restricted as to how to respond to the threat of risk and how to deal with risk when it does occur.
Selection on the risk tools and techniques
There are various tools and techniques that can be used to assess risks, based on the effectiveness and the efficiency of the plans. The risk tools and techniques of the Risk Management Plan, for both the qualitative and quantitative aspects of the project, are essential towards assessing and averting or curbing risks. The Flayton Electronic Risk Management Plan aims at utilizing the following tools and techniques towards supporting the stated objectives:
- Initiation, which is a document to be issued at project start and reviewed by the Project Manager on a gradual basis throughout the entire project
- Identification tools and techniques for threats and opportunities, including review of a standard risk checklist, brainstorming, and analysis of the project assumptions and constraints
- Reporting through a risk report to the project financing body (sponsor) and steering group/project board, and provision of ad-hoc reports to stakeholders and the project team
- Implementing response strategies through agreed actions
- Reviews through risk workshops, risk review meetings
- Post project review
The project size (Project Sizing Tool)
The role of risk managers in project
The risk project manager should play a significant role in every business in relation to the development of the business and profit-making. Avoiding the repercussions attached to risks such as loss, harm, and cases in court depends on the effectiveness of the risk-management team. Every business aims to maximize profitability, to ensure the safety of its employees, and to provide a friendly working environment. Risk managers are normally charged with the full responsibility to accomplish these objectives as they lead, control, organize, and manage the risk-management department within the organisation (Williams, 2007). The risk manager specifically ensures that the risk department is running effectively and is equipped with the necessary facilities to identify, avert, and curb risks. The managers heading these departments have full responsibilities more or less like their counterparts from other departments such as strategic planning and production. However, the risk manager has the additional role of integrating and monitoring every department within the business. With regard to the production department, for example, the risk manager must work with the production manager to identify risks that may arise from the production line. Risk managers monitor the running of the entire organisation to ensure that every department adheres to its production standards. Some other main roles of risk project managers include:
- Identifying risks and alerting the business manager.
- Assessing and evaluating risks.
- Executing all the stipulated strategic procedures to avert or curb risks once they have been identified.
- Establishing strategic measures and ensuring they are implemented to avoid a recurrence of specific risks.
- Monitoring the entire risk-handling process (Williams, 2007).
Apart from monitoring the occurrence of risks within the business, the risk manager has the additional important task of ensuring that the environment, or the business’s surroundings, as well as society in general, are not negatively affected by the business’s operational activities (Ward & Chapman, 2009). This manager also ensures that the risk-management team has acquired the necessary equipment and tools to avert or curb the occurrence of risk. The success of the risk-management team depends on the effectiveness and efficiency of the risk manager, and the success of the entire business, in relation to averting or curbing risks, depends on this manager’s effective strategic planning (Ward & Chapman, 2009).
Risk Reviews and Reporting section of the Risk Management Plan
The importance of likelihood in risk management
Once the identification of risk has taken place, likelihood is determined and its potential vulnerability and how to exploit it is also found (Beguine, 2009). Varying factors need to be considered when the concept of likelihood is chosen as the approach to risk management. For management, the first step is to consider the sources of potential threats, the motivation behind such threats, and the capability of the source of the identified threat (Mills, 2004). The second step is for organisational management to ascertain the nature of identifying threats and their vulnerabilities. The final step is self-examination as to what existing tools can be used to act effectively as a deterrent or as a form of mitigation to such vulnerabilities (Hodges, 2000). The level of likelihood, as well as its potential risk of vulnerability, can be set at levels such as high, medium, and low (Williams, 2008).
A high likelihood level occurs when the threat source is increasingly motivated, is highly capable, and is in a position with full control to block the usage and effectiveness of the vulnerability aspect. The likelihood level is low when the source of the threat is lacking motivation or ability, which results in the placement of controls to prevent the implementation of identified vulnerability (Williams, 2008).
Probability and impact definition
Consequences and their benefits in risk management
Focusing on consequences in risk management allows the risk manager or organisation to deal with the resulting negative effects of risk. Unlike when concentrating on likelihood, when faced with an outcome of risk an organisation can formulate a strategy to address the issue at hand. This is a valuable learning experience that strengthens the response of an organisation to risk, as well as making the organisation more adaptable to changes when they arise (Ward & Chapman, 2009).
Dealing with consequences, on the other hand, takes valuable time, impeding the organization or firm from embarking on other operations. As a result, other departments may be neglected or underfunded, which may strain the operations of the organisation and lead to its eventual collapse (Angel, 2010). Focusing on likelihood, in contrast, provides management with the time to ascertain the source of the risk and its threat and to adjust accordingly so as to manage both the risk and its outcome.
Risk is defined as the possibility that a certain event will happen, and that this event will have an impact on a company or organisation as it seeks to achieve its pre-established objectives. Consequence, as it relates to risk management, deals with the identification of certain categories of risk and provides hands-on experience and increases the robustness of an organisation or individual. However, it is the author’s view that focus should be placed on likelihood as it provides more flexibility and preparation time than focusing on consequences, and it works well within the operations of an organisation and presents fewer limits as expressed within the construct of organisational function.
Defining Risk Thresholds
Risk thresholds include risk retention, defined as a methodology of dealing with risk. Risk retention is when an organisation or company retains either all or part of its risk. It can be classified into two segments: active risk retention and passive risk retention. Active risk retention occurs when an organisation or company that is well aware of its risk chooses to deliberately retain either part of, or the entire, risk. A risk manager would use risk retention for two main reasons. The first reason is that risk retention as a risk-management concept can be used to set money aside so that it is unnecessary to purchase costly insurance. This also includes deductible purchases that some organizations acquire, as some insurance costs are unreasonable (Turner & Hunsucker, 2009).
Risk retention can also be defined as the acceptance of the losses, benefits, or any associated gains that may result from the occurrence of risk (Turner & Hunsucker, 2009). Financial and insurance experts argue that to be truly self-insured one must fall into this category. Risk retention is a viable strategy for minimal risk as the insurance costs against risk increase over time and are greater than the total losses of sustainment (Anghil, 2010). All risks that are avoided or have undergone transfer are retained. Consequently, the loss attributes are normally retained by the insurer. Any such level of potential risk with regards to the insurable capacity is likewise defined as retained risk. This can be acceptable when the chance of catastrophic loss is minimal or when the cost of wider insurance coverage is so expensive that it would hinder, to a large extent, an organisation achieving its goals (Anghil, 2010).
In simple terms, risk retention is when an organisation is willing to undertake a risk without insurance to the point where its insurance plan covers a certain occurrence or in a form that is deductible. More commonly, organizations retain a form of insurable risk that exists as deductibles as well as factors that are uninsured. Consider the following example to help explain risk retention. Imagine you were the owner of a soft drink outlet. You would ensure that you purchased an insurance-coverage plan against the risk of fire or theft if you possessed a $250 deductible for retaining or for keeping as well as payment of damages that are less than the deductible in savings (Ward & Chapman, 2009). Certain risks, such as damages caused by natural disasters, would not be included in the transferred risk and so in this case one would retain the risk of having to pay for such damages.
Most organizations possess a fund in the form of a contingency fund in case such events ever occur, as well as to compensate for a reduction in sales. Such a fund would allow its user to continue operating without needing to borrow money (London & Dewor, 2011). In addition, the organisation could use the fund for costs, such as required repairs, which are not included in the budget. Certain amounts to cater for such occurrences are stored in the organization’s contingency fund on the basis of several factors, and risk retention plays a crucial role in this process.
Organizations also have a tendency to hire consultants to determine the scope of risk to be covered. A consultant in such a situation would carefully examine the benefits of retaining certain risks (London & Dewor, 2011). For instance, in basic terms, insurance would simply be a form of risk transfer from the organisation to the insurance companies that could result in a markup of nearly 60%, which would not be conducive to minimal risk. Furthermore, the more claims made by a company, the higher the future cost of insurance, since insurance companies would identify this as a trend (Williams, 2007). Retaining risk and an existing contingency fund are therefore crucial aspects of any organization’s plan, regardless of the organization’s size.
Risk retention is beneficial for it enables an organisation to implement its strategies. This is because a positive outcome always exists and is presented as attachments to risk for the company. If the company is able to survive the risk, it reaps the benefits of dividends that are vital for its growth. This, on the whole, allows for the improved implementation of strategies, despite the risks that may be attached.
Risk transfer is another way in which risk can be dealt with and it is an indispensable factor of insurance. To transfer risk means moving it from the realm of the insurer to the realm of the insured, whereby the insured does not remain with the notion of having to worry about the risk (Obuochowski, 2007). As such, the insurer remains in a better position financially to pay for the loss as opposed to the insured. Risk in its form can be transferred in several ways, one of which is through a contract whereby the risk in the form of rent is transferred to the landlord for an extended period (Williams, 2007). Another form of risk transfer is the hedging of price risks, which is simply a methodology of risk transfer of unfavorable fluctuations in price (Rouse, 2004). The final form of transferring risk is through the incorporation of a company. This can be achieved when, for instance, a business exists as a sole proprietorship so that the personal assets of the owner and the company itself can be attached. In this case the liability is limited to the stockholders who do not possess considerable assets to fulfill payments of corporate debt to their creditors for the company’s transfer of risk (Rouse, 2004).
Having ascertained the level of risk retention and transfer, an organisation or company must then decide whether to retain its risk or to transfer it. It is at this point that the need for a captive insurer arises. This type of insurer, in basic terms, is an insurance company that is established under the ownership of the parent company with the aim of providing insurance to the company’s exposures (Rouse, 2004). To effectively determine risk retention and transfer, frequency probability and matters of loss severity are used as a basis for measurement. The risk that has a high frequency probability and a minimal loss severity is preferable for organizations to use as a form of risk retention because the occurrence of loss over an extended time period stabilizes the loss. The application of risk retention can also be used as a form of managing risk at low costs, which is of benefit to the overall insurance purchaser (Williams, 2007).
The Flayton Electronic Risk Management Plan offers a detailed insight into the various aspects essential to deploying strategic approaches to risk management. The plan defines essential aspects in relation to positioning the organization in a risk-curbed or risk-averted position.
References
Angel, S. (2010). Organisational risk management. Internal Auditor, 67, 21-33.
Bezuyen, M. (2009). Product risks: Opportunities and challenges. Journal of Contingencies Crisis Management, 2, 1-179.
David, O., & Wu, D. (2010). Enterprise risk management. Risk Management, 12, 1-13.
Grace, M. (2010). Non-profit organisations and risk management values. Handbook of Research on Nonprofit Economics and Management, 1, 156-168.
Hodges, A. (2000). Emergency risk management. Risk Management, 2, 7-18.
Kimura, S., & Giner, C. (2009). Risk management under workflow. Risk Management, 1, 12-49.
London, D., & Dewor, E. (2011). High performance risk management for extraordinary times. Management, 1, 5-29.
Mills, T. (2004). Risk management planning handbook. Journal of Environment Quality, 33, 5-410.
Noor, I., & Robert, T. (2007). Contingency misuse and risk management pitfalls. AACE International, 1, 15-30.
Obuochowski, J. (2007). Intelligent strategies and benefits of risk management. MIT Sloan Management Reviews, 47, 6-7.
Rouse, M. (2004). Knowledge translation and risk management. Risk Management, 6, 9-15.
Turner, J., & Hunsucker, L. (2009). Effective risk management using a goal based approach. International Journal of Technology Management, 17, 438-458.
Ward, S., & Chapman, C. (2009). Project risk management transformation to uncertainty management. International Journal of Project Management, 21, 97-105.
Williams, T. (2007). Risk management infrastructures. International Journal of Project Management, 11, 5-10.
Williams, T. (2008). Using risk for risk management integration and project definition. International Journal of Project Management, 12, 17-22.