Risk Process 

An organisation faces many risk related issues. To mitigate those risks we have risk management techniques. These steps assist an organisation to mitigate risk and control it. The risk policy defines the risk and assists an organisation to reach its objective. The actions that can lead to a problem can be investigated. For example: high risk of computer viruses could be mitigated by installing antivirus software. A good risk management plan should involve steps to: 

• Control implementation  
• Responsible persons for those actions. 

The risk process is as follows: 

Step 1: Identify risk 

• Identification: In the process of identifying risk, Identification is the first step. Risks are events, the outcomes can cause problems. Therefore risk identification can start with the source of problems. It includes few analyses. 
• They are as follows: 
• Source Analysis: The sources for risk can be internal or external in an organisation. 
• Problem Analysis: Risks involves threats. It may exist with various entities. For example threat of loosing money. 
• Common risk identifications are: 
• Objective-based risk: Every organisation has objectives to achieve. Any obstruction to achieve that partially or completely is identified as risk  
• Scenario-based risk: Here different scenarios are created, any event that triggers an undesired scenario alternative is identified as risk 
• Taxonomy-based risk: It is a breakdown of potential risk sources. Based on the classification and knowledge of best practices, a questionnaire is made, the answers to the questions reveal risks. 
• Common-risk checking: In many industries the risk which is common already has a solution. Each risk in the list can be checked and a solution can be implemented for it. 
• Risk charting: It is the combination of the above approaches. By listing resources at risk. Example one can begin with resources and consider the threats they are exposed to and the consequences of each.  
• Some of the Risk Identification techniques include the following: 
• Brainstorming, Questionnaires, Industry benchmarking, Scenario analysis, Risk assessment workshops, Incident investigation, Auditing and inspection, HAZOP (Hazard & Operability Studies). 

Risk can be identified for the opportunity which can be identified by Market survey, Prospecting, Test marketing, Research and Development and Business impact analysis.  

Risk which results  in threats can be identified through the following techniques:  

•   Threat analysis 
•    Fault tree analysis 
•    FMEA (Failure Mode & Effect Analysis) 

Step 2:  Analyse risks 

1. Assessment: The next step after identification of risk is the assessment of loss to likelihood of incidence. It is critical to make the best skilled guesses possible in order to properly prioritise the implementation of the risk management plan. One of the drawbacks of this is to analyse the rate of occurrence since statistical data in unavailable  for few past incidents.  
2. Once risks have been identified and assessed, all techniques to manage the risk fall into four major categories. 
3. Avoidance (eliminate, withdraw from or not become involved) 
4. Reduction (optimise - mitigate) 
5. Sharing (transfer - outsource or insure) 
6. Retention (accept and budget) 

Step 3:  Evaluate risks 

?  Mapping out: It decides whether the risks are acceptable or unacceptable.  A risk that is resolute as acceptable should be monitored and regularly reviewed to make sure it remains acceptable.  A risk considered unacceptable should be treated. In all scenarios the reasons for the assessment should be acknowledged and recorded to provide a record of the thinking that led to the decisions.  Such records provide a useful background for future risk assessment.   

Mapping out the following: 

•   Identity and objectives of stakeholders 
•   Basis upon which risks will be evaluated, constraints. 

Step 4:  Monitor and report  

1. Defining a framework:  The manager is required to monitor the efficiency of risk treatments and is accountable to identify new risks as they occur and treat them accordingly.  Managers are required to report on the development of risk treatments at regular intervals.  The person  responsible for risk management is expected to provide feedback on the growth of the project as explained in the „monitoring? field of the treatment. 
2. Developing an analysis: Risks involved in analysing a project 
3. Mitigation or solution: Risks using available technological, human and organisational resources.  
4. Communication: Communicating risks to the right parties improves the capacity to respond to risks and also offsets the tendency to have an isolated view of risk within the team. It involves reporting the results of risk assessment, risk management plan, monitoring and review results to key stake holders: 

Communicating risks to the following members of the project: 

1.   Customers 
2.   Investors 
3.   Management 
4.   Project team 
5.   Contractors