Risk management is the identification, assessment and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor and control the probability and or impact of unfortunate events or to maximize the realization of opportunities.
Principles Of Risk Management:
Risk Management should
• create values
• be an integral part of organisational process
• be part of decision making
• be systematic and structured.
Process or steps for Risk Management:
• 1) Establishing the context:
1) identification of risk in a selected domain of interest.
2) Planning the remainder of process.
3) mapping out the following-
a) the social scope of risk management
b) the Identity and objective of stakeholders.
• 2) Identification: After establishing the context, the next step in process of managing risk is to identify potential risks.
Objective based risk identification: Organisation and project team have objectives. Scenario based identification: Different scenarios are created. The scenarios maybe the alternative ways to achieve an objective.
Common-Risk checking : In several industries, Lest with know -risks are available.
• 3) Assessment: Once Risk has been identified, then must then be assessed as to their potential severity of loss and to the probability of occurrence.
• 4)Potential risk Treatments:
Once Risks have been identified assessed, all techniques to manage the risk fall into one or more of these four major categories.
A) Avoidance: This include not performing an activity that could carry risk .
B) Reduction: Reduction of Optimization involve reducing the severity of the loss of the likelihood of the loss from occurring.
C)sharing: It defined as sharing with another party the burden of loss or benefit of gain, from a risk and the measure to reduce risk .
D) Retention: Involve accepting the loss or benefit of Gain, from a risk when it occurs.
5) Create a risk management plan: Select appropriate control or counter measures to measure each risk. The risk management plan should propose applicable and effective security controls for managing the risk.
Implementation: It follows all the planned methods for mitigating the effect of the risks. Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risk that can be avoided without sacrificing the entity's goal, reduce other and retain the first.