Risk management

Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events[1] or to maximize the realization of opportunities.

Risks can come from various sources including uncertainty in international markets, political instability, threats from project failures (at any phase in design, development, production, or sustaining of life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause.


There are two types of events: negative events can be classified as risks, while positive events are classified as opportunities. Risk management standards have been developed by various institutions, including the Project Management Institute, the National Institute of Standards and Technology, actuarial societies, and ISO standards (quality management standards to help work more efficiently and reduce product failures).[2][3][4] Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety. Certain risk management standards have been criticized for having no measurable improvement on risk, whereas the confidence in estimates and decisions seems to increase.[1]


Strategies to manage threats (uncertainties with negative consequences) typically include avoiding the threat, reducing the negative effect or probability of the threat, transferring all or part of the threat to another party, and even retaining some or all of the potential or actual consequences of a particular threat. The opposite of these strategies can be used to respond to opportunities (uncertain future states with benefits).


As a professional role, a risk manager[5] will "oversee the organization's comprehensive insurance and risk management program, assessing and identifying risks that could impede the reputation, safety, security, or financial success of the organization", and then develop plans to minimize and/or mitigate any negative (financial) outcomes. Risk analysts[6] support the technical side of the organization's risk management approach: once risk data has been compiled and evaluated, analysts share their findings with their managers, who use those insights to decide among possible solutions. See also Chief Risk Officer, internal audit, and Financial risk management § Corporate finance.

Create value – resources expended to mitigate risk should be less than the consequence of inaction

Be an integral part of organizational processes

Be part of decision-making process

Explicitly address uncertainty and assumptions

Be a systematic and structured process

Be based on the best available information

Be tailorable

Take human factors into account

Be transparent and inclusive

Be dynamic, iterative and responsive to change

Be capable of continual improvement and enhancement

Be continually or periodically re-assessed

Source analysis – Risk sources may be internal or external to the system that is the target of risk management (use mitigation instead of management since by its own definition risk deals with factors of decision-making that cannot be managed).

Avoidance (eliminate, withdraw from or not become involved)

Reduction (optimize – mitigate)

Sharing (transfer – outsource or insure)

Retention (accept and budget)

A traditional measure in banking is value at risk (VaR) – the possible loss due to adverse credit and market events. Banks seek to hedge these risks, and will hold risk capital on the net position. The Basel III framework governs the parallel regulatory capital requirements, including for operational risk.

Fund managers employ various strategies to protect their fund value; these given their mandate and benchmark.

Non-financial firms focus on business risk more generally, overlapping enterprise risk management: i.e. those events and occurrences which could negatively impact cash flow or profitability, and hence result in a loss of business value or a decline in share price.

DoD Risk, Issue, and Opportunity Management Guide for Defense Acquisition Programs (2017). Archived 2017-07-04 at the Wayback Machine.

DoD Risk Management Guide for Defense Acquisition Programs (2014)
