Pages Navigation Menu

ON-LINE MAGAZINE & WEB SITE - SCROLL DOWN FOR NEWS

THE ART OF RISK MANAGEMENT AND ANALYSIS

THE ART OF RISK MANAGEMENT AND ANALYSIS

By Richard E. “Rick” Dennis
For all about cutting.net

 

WHAT IS RISK MANAGEMENT

Risk management is the ongoing analytical review and evaluation, by a Risk Analyst, of client-provided documents, practices or processes to determine a safety and risk factor to same.  It’s also the analytical process of assigning a numerical Risk Factor designation to any perceived or identified Risk or Safety risk or threat occurrences. Equally, it’s also the practice of continually reviewing and changing established, in-place, Risk Management Practices to counter future risks to thwart incidences of occurrence.  

Other examples of an ongoing and continuing Risk Management program include: Onsite facility security and safety surveys which includes a review of: barrier prevention access (i.e.) fencing, door and window locking systems and devices, closed circuit tv cameras and recording devices, computer, financial, IT and banking security as well as lighting, entry and exit points safety and security.  The Risk Analysis also includes a review of safety and security protocols to include employee hiring and termination practices.

During my tenure in the private security sector as a Risk Manager and Analyst, I’ve authored a myriad of Corporate Employee and Contractor Drug and Alcohol Prevention programs for:  Exxon Company USA, Atlantic Richfield, ARCO oil and Gas, KerrMcGee Corporation, as well as companies in the oil and gas exploration, aviation, maritime, construction, mining and construction industries.  These program models are in full compliance with the Federal Workplace Drug and Alcohol testing programs defined by 49, CFR, Part 40. Long ago, it was determined that the on-the-job use of impairment prescription drugs as well as illegal drugs and alcohol use and abuse were detrimental to safety, productivity and welfare of the workforce.

Risk Analysis comes in various forms to meet specific industry requirements: Security, Financial and Banking, etc.  Risks can come from various sources including uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary or events of uncertain or unpredictable root-cause.

There are two types of events i.e. negative events can be classified as risks while positive events are classified as opportunities. Several risk management standards have been developed including the Project Management Institute, the National Institute of Standards and Technology, actuarial societies and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments or public health and safety.

Strategies to manage threats (uncertainties with negative consequences) typically include avoiding the threat, reducing the negative effect or probability of the threat, transferring all or part of the threat to another party and even retaining some or all of the potential or actual consequences of a particular threat as well as the opposites for opportunities (uncertain future states with benefits).

In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss (or impact) and the greatest probability of occurring are handled first and risks with lower probability of occurrence and lower loss are handled in descending order. In practice, the process of assessing overall risks can be difficult and balancing resources used to mitigate between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled. 

Risk Management also includes the use of mathematical algorithms whereby a set of standards of incident occurrence are included in the algorithm to project a certain number of probabilities of occurrence or happening within a certain time frame.

Intangible risk management identifies a new type of a risk that has a 100 percent  probability of occurring but is ignored by the organization due to a lack of identification ability. For example, when deficient knowledge is applied to a situation, a knowledge risk materializes. Relationship risk appears when ineffective collaboration occurs. Process-engagement risk may be an issue when ineffective operational procedures are applied. These risks directly reduce the productivity of knowledgable workers, decrease cost-effectiveness, profitability, service, quality, reputation, brand value, and earnings quality. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity.

Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost. Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management minimizes spending (or manpower or other resources) and also minimizes the negative effects of risks.

RISK ASSESSMENT

Broadly speaking, a risk assessment is the combined effort of 1. identifying and analyzing potential (future) events that may negatively impact individuals, assets, and/or the environment (i.e., risk analysis); and 2. making judgments “on the tolerability of the risk on the basis of a risk analysis” while considering influencing factors (i.e., risk evaluation). Put in simpler terms, a risk assessment analyzes what can go wrong, how likely it is to happen, what the potential consequences are and how tolerable the identified risk is. As part of this process, the resulting determination of risk may be expressed in a quantitative or qualitative fashion. The risk assessment is an inherent part of an overall risk management strategy, which attempts to, after a risk assessment, “introduce control measures to eliminate or reduce” any potential risk-related consequences.

METHODS

For the most part, these methods consist of the following elements, performed, more or less in the following order:

Identify the threats, characterize the threat or risk, assess the vulnerability of critical assets to specific threats, determine the risk (i.e, the expected likelihood and consequences the risk or threat poses to the project or object of the Risk Analysis as well as specific assets), identify ways to reduce the threat or Risk and develop and prioritize counter measures to the identified or perceived Risk or Threat.

MONITORING

After the identified Risk or Threat has been eliminated, the Risk Manager and Analyst develop a system whereby the in-place Risk Vulnerability Threat Assessment System is constantly monitoring the system to prevent future occurrences.

WHAT IS RISK ANALYSIS?

Risk analysis is the process of identifying and analyzing information to determine potential issues that could negatively impact an individual, key business initiatives or critical projects in order to help organizations avoid or mitigate those risks.

Performing a risk analysis includes considering the probability of adverse events caused by either natural processes, like severe storms, earthquakes or floods or adverse events caused by malicious or inadvertent human activities. An important part of risk analysis is identifying the potential for harm from these events, as well as the likelihood that they will occur.  An analytical Risk Analysis will also identify any current risks to the client.

WHO USES RISK MANAGEMENT & RISK ANALYSIS

Individuals, business enterprises and other organizations use risk analysis to:

Anticipate and reduce the effect of harmful results from adverse events;

Evaluate whether the potential risks of a project are balanced by its benefits to aid in the decision process when evaluating whether to move forward with the project,

Plan responses for technology or equipment failure or loss from adverse events, both natural and human-caused, and identify the impact of and prepare for changes in the enterprise environment, including the likelihood of new competitors entering the market or changes to government regulatory policy.

Essentially, Risk Management and Risk Analysis are used daily to prevent economic or other losses in a particular business or personal environment.  Furthermore, Risk Management and Risk Analysis are used effectively by the oil & gas, maritime, aviation, manufacturing, insurance, telecommunications, and trucking industries, to name a few, as well as the United States Government and the US Department of Defense.  Private individuals utilize the services of a Risk Analyst to produce a Risk Analysis Report pertaining to individual safety as well as threats to their safety and as a protection of assets.

WHO IS A RISK ANALYST?

A Risk Analyst is an individual who uses his or her analytical skills to evaluate client-provided documents such as banking or other documents, or processes included in an onsite Security Survey such as. banking practices, use of computer devices, safety practices, etc., to determine a Risk Category, usually on a scale of 1 through 5, to determine a specific threat or risk to the client.  The analyst also devises a plan for implementation of a Risk Management Program, to counter any identified or perceived threats in order to protect client assets.  For the record, a Risk Analysis isn’t an investigation of any type and the Risk Analyst isn’t a private investigator but simply an analytical review artist who is well versed in law, finances, security and safety processes including an analysis of client-provided documents to determine a specific risk to the client and counter same by applying the appropriate counter measures.

Furthermore, a Risk Analyst is usually an individual with an intricate and extensive background in law enforcement, counter intelligence, security, finances, or generally required business safety requirements and practices. But he or she is also well versed in the rule of law. If the Risk Analyst requires the need of a private investigator, he or she hires an outside licensed individual to conduct any investigations.  The same is applied for forensic audits.  If during a Risk Analysis, the Risk Analyst requires the need of a forensic audit of accounting records, the Risk Analyst outsources this requirement to a duly licensed Forensic Accountant to complete the audit and turn his or her findings over to the Risk Analyst for transmittal to the client. However, if a Risk Analyst determines that a violation of the law has occurred, he or she is compelled, by law, to inform the client of the occurrence in order for the client to adhere to the Misprision of A Felony law.  

THE VALUE OF A RISK MANAGEMENT PROGRAM & A RISK ANALYST

Overtime, the savings to a business or individual is realized when the money saved far outweigh the investment.  For example, some of the Risk Analysis cases I’ve conducted have realized a savings for my clients due to the recovery of assets totaling millions of dollars and in some instances have dramatically changed the way a company conducts business.

EVERYDAY EXAMPLES OF A RISK MANAGEMENT PROGRAM

Normally, individuals don’t realize he or she is executing a Risk Management program in their daily lives. More specifically, if you have your vehicle on a regular maintenance program to change the oil, or if you have an in-place practice of securing your passwords for on-line internet activities, or if you own a livestock ranch and you check the fencing daily to ensure the escape of your livestock is minimized, you are conducting an in-house Risk Management Program.

“Until Next Time, Keep Em Between The Bridle!”

Copyright 2019, All Rights Reserved

Richard E. “Rick” Dennis
Managing Member
Freelance Writer and Author
Phone: (985) 630-3500
Email: richardedennis@outlook.com

Web Site: http://www.richardedennis.net

468 ad

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.