Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherland
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Hong Kong
New Zealand
India
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
USA
Bahrain
Israel
Morocco
Oman
Saudi Arabia
Tanzania
UAE
Managing your risk
What is a risk?
Risks are uncertain events — be they opportunities or threats — that impact an organisations strategy, objectives, and performance. The impact may be either positive or negative. When we think about risk, we consider the effect of an event and its likelihood of occurring.
What is risk management?
Risk management is the process of identifying, assessing and controlling threats to an organisation's capital, earnings and operations. These risks stem from a variety of sources, including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents and natural disasters.
A successful risk management program will help an organisation consider the full range of risks it faces. Risk management also examines the relationship between different types of business risks and the cascading impact they could have on an organisation's strategic goals.
Risk management in 5 simple steps
The 5 Step Process is based on Australian Standards (AS 31000).
Step 1 - Identify your risks
Step 2 – Analysis your risks
Step 3 - Evaluate your risks
Step 4 – Treat your risks
Step 5 – Monitor and review the risks
At a basic level, identifying risks can start with a simple brainstorming exercise. It is best done by leaders with operational responsibility as they best know the practical aspects of any risk. Getting an external or independent perspective will also ensure that you don’t miss critical risks from being too close to the activity to be objective.
Once you have created your list of risks, you need to do a simple exercise of systematically determining how important these risks are. Use the universal risk matrix table to help rank the risks based on the likelihood of occurrence and then just how much impact the event would have on your organisation.
Once you have a list of analysed risks, it is time to prioritise them. Rank the risks in order of the highest risks to lowest. At this point many organisations get overwhelmed and give up. We recommend that you select the top 10 risks to start with. It is better to deal with the most important risks properly first, then move on to the other lower priority risks.
There are five things you can do about a risk/uncertainty. The strategies are:
- Avoid the risk. Do something to remove it such as ban the activity.
- Transfer the risk. Make someone else responsible. Perhaps engage a contractor or a third party. Getting appropriate insurance coverage may be a risk transfer strategy.
- Mitigate the risk. Take actions to lessen the impact or chance of the risk occurring.
- Create risk strategies, plans and policies for risks and adjust behaviours where necessary to reduce the risk.
- Accept the risk. You might calculate the risk and decide that it is worth taking on for yourself.
Every organisation, big or small, should allocate one or two people to champion and manage the risk management process. They should provide regular reports to the board as well as coordinate the assessment of any new activities.
It is appropriate to conduct a comprehensive review annually and looking at any incident and near miss trends. It is best to schedule in advance.
Set up your risk register
It’s now time to complete a simple summary document of your risk management findings. This summary is commonly referred to as a risk register and summarises each step of the process.
Contact Howden for a template you can use as a risk register and for any further information.