RISK MANAGEMENT MOATAZ BELLAH
Topics covered • Risk • Risk management • Risk management steps Plan risk management Identify the risk Analyze the risk Plan risk response Monitoring and control risks
RISK A ship is safe in harbor, but that not what ships is built for.
William G.T. Shedd
Hazard /Risk * Hazard
Potential to cause harm
≠
Risk
Likelihood of harm in defined circumstances
RISK • SO, EVALUATE THE RISK • • • •
WHO ……………... HELP IN ANALYSIS WHERE……………. HELP IN ANALYSIS HOW MUCH…….....LIKELEHOOD HOW LONG…………. SERIOUSNESS
SAFETY RISK VS SAFETY PERCEPTION OF BOTH TERMS: E.g. DRIVING A CAR IS SAFER THAN RIDING A PLAN ALTHOUGH ALL STATISTICS SAY THE RVERSE E.g. DDT HELP US TO KILL MICE ALTHOUGH MEDIA SAY IT KILLS WHICH FRIGTEN PEOPLE TO USE IT IN CERTAIN COUNTRY E.g. SOME MATERIALS RISK CANT BE IDENTIFIED DUE TO LACK OF DATA…..?
cont • FROM THERE WE MUST IDENTIFY SAFETY LIMIT OF EXPOSUE…… • REIDENTIFY RISK WHEN DATA AVAILABLE BUT BEFORE THAT WE WILL DO SAFETY PRECAUTIONS…………………
RISK • Risk:
effect of uncertainty on objectives. An effect is a deviation from the expected — positive and/or negative. Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
• Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence. • Positive risk ……..means opportunity So maximize advantage towards it, try to seize it. • Risk occurs in future i.e. future event But what occurs now is called issue
Risk appetite/Risk tolerances • Risk appetite: Amount and type of risk that the company prepared to seek, to accept or to tolerate. • Risk tolerance: Readiness to bear the risk after risk treatments in order to achieve its objectives
Risk and rewards debating • Risk and rewards debating: • More risk means more rewards but that not true in practical life as any company needs more rewards and less risk.
RISK MANAGEMENT • Risk management process includes five stages risk identification, risk analysis, risk evaluation(Risk assessment), risk treatment and reviewing and monitoring. • Risk management is identification, assessment ,prioritization of the risk (positive or negative)followed by coordinated and economically application of resources to minimize the probability/impact of unfortunate events or maximize the opportunity i.e. co-ordinated activities to direct and control an organization with regard to risk
Flow diagram for risk management Identification of risk
Assessment of risks
Prioritization of risks
Minimize/monitoring/ controlling probability/impact of unfortunate events
Resourced
Maximizing opportunities
Application of risk management • • • • • • • •
Military Project management Space Medical Engineering Plant Operation Safety Financial portfolio
Benefits of application • Fewer surprises • Effective use of resources • Reassuring stakeholders
Risk management steps • Risk management steps Plan risk management Identify the risk Analyze the risk Plan risk response Monitoring and control risks
1- Plan Risk management How to do this?
Risk identification
Risk analysis
Risk responses-Risk monitoring and controlling
2-Risk identification Definition: • process of finding, recognizing and describing risks. Risk identification involves the identification of risk sources, events, their causes and their potential consequences. Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and interested parties’ needs. • It is best done in group environment • Management/Stakeholder/Employees/Customers
2- Risk identification • Tools used: Brainstorming is the commonest approaches Others, Ishikawa diagram (Cause and effects) Flow Diagram SWOT analysis(Strengths,Weakness,Opportunities, threats)
2- Risk identification • Outcomes (Outputs): Risk register: list of risks identified
3- Risk Analysis • process to comprehend the nature of risk and to determine the level of risk. I.e. TO SET PRIORITY • Sets focus on high priority risks Qualitative Risk analysis
Quantitative Risk analysis
Quick and easy to perform
Detailed and time consuming
Subjective
Analytic
3- Risk Analysis Qualitative Risk analysis
Quantitative Risk analysis
Quick and easy to perform
Detailed and time consuming
Subjective
Analytic
• Tools used: Probability/impact matrix (Failure mode and effect analysis FMEA) Qualitative Risk analysis Expected monitoring value analysis Quantitative Risk analysis Decision tree Quantitative Risk analysis Monte Carlo simulation analysis Quantitative Risk analysis
Decision tree
Monte-Carlo Monte-Carloanalysis analysis
Monte-Carlo analysis
Monte-Carlo analysis
Probability and impact matrix • Each risk is analysed for probability and impact and is assigned • A 9 point rating: 1,3,5,7,9….. • A 5 point rating: v.low…….V.High • A 3 point rating: Low………high • Risk score= prob. x Impact
• Low prob. Score 1 • Impact highly significant score 9 • Risk score= 9
pr o b a bi lit y
High impact /high probability
Low impact /high probability
Low impact /Low probability
High impact /Low probability
Impact
4-Plan risk response • To decrease possibility of negative risk • To increase possibility of positive risk Negative risk
Accept
transfere
Positive risk
Avoid
mitigate
Accept
share
Exploit
Enhance
4-Plan risk response * • Plan changed to avoid the risk by acquiring an expert or improving communication • Reduce (mitigate) risk by develop prototype/additional inspection • Transfer risk to third party : insurance/performance warranty • Accept risk only if no action due to small impact/probability
4-Plan risk response • Exploit: make sure that opportunity happens and seize it : put best members and resources • Enhance: increase probability and impact of positive risk: put best embers and resources • Share: Share the opportunity with third party Forming team , company want to exploit positive risk so share it , why not? • Accept: not actively pursuing it
5-Monitor and control risk • Identify new risk • Remove non-relevant risks even after treatment • Risk audits is performed to ensure implementation of the risk plan • Unexpected risk needs you to perform workarounds (Unplanned responses to risk not identified or expected to happen)
5-Monitor and control risk Risk treatment: process to modify risk. Risk treatment can involve: • ⎯ avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; • ⎯ taking or increasing risk in order to pursue an opportunity; • ⎯ removing the risk source; • ⎯ changing the likelihood; • ⎯ changing the consequences; • ⎯ sharing the risk with another party or parties (including contracts and risk financing); and • ⎯ retaining the risk by informed decision. • Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”. Risk treatment can create new risks or modify existing risks.
Risk control; measure that is modifying risk. • Controls include any process, policy, device, practice, or other actions which modify risk..
Thank you