TOPIC 2: THE PURPOSE AND PROCESS OF RISK MANAGEMENT 2.1 LEARNING OBJECTIVES •Describe the benefits and value of risk management; •Describe what sort of risks organizations need to consider; •Outline the risk management process; •Outline the variety of options available to an organisation to manage risks 2.2 INTRODUCTION TO RISK MANAGEMENTIn this topic we learn why it is important for an organisation to manage risks and what benefitsmight be expected if this is done properly. The need to systematically identify and analyse riskbecomes apparent and we look at an outline of the risk management process. We will also look atthe range of options available to an organisation to control risk and reduce its impact. After reading topic 1 you should have a good understanding of the concept of risk and the linkbetween cause, events and effects. If we thoroughly understand a risk and its implications we cantake steps to prevent causes, mitigate effects or break a link in the cause/event/effect chain. Wecall this process risk management. A working definition of risk management is 'the identification, analysis and control of thoserisks which can threaten the operations, assets and other responsibilities of anorganisation'. Note this is not a universally accepted definition, but is a good base from whichthe subject can be developed. However this is not the complete story. Risk management also includes the assessment of risks todecide which risks are worth management attention and to balance risks against correspondingopportunities. Risk management takes place in specific working environments, where the attitude andaspirations of people involved influence decisions that are made. Different organisations havedifferent objectives and structures and these influence attitudes to risk. Risk managementprocesses, however, remain the same, even though different decision criteria may result indifferent actions being taken by different organisations to resolve similar problems. In this unit we will describe risk management processes that can be universally applied.In anypractical situation, standard risk management processes are tailored to fit the objectives, structureand people of the organisation concerned. Organisations do not attempt to manage all the risks they face. Risk assessment and rankingprocesses identify those risks deemed to be important. Important risks would include those thatthreaten achievement of organisation objectives, those threatening continuity of business, health1
and safety risks and threats to reputation. Compliance with relevant legislation and regulationswill be particularly important to certain types of business. Risk management activities cost money, an investment that all organisations will want to justify.