GRC 10

KEY ASSIGNMENT FIRST DRAFT

Author’s name:

Institutional affiliation:

Inherent risk is the kind of risk that occurs in the absence of control. It's the kind of risk that occurs in a process without anything being done to reduce the chances of it happening or the severity of its mishap. It’s the severity of a risk experienced in a process before any risk management methods are put in place. Inherent risk is not easily determined but if it’s considerably low, the amount of work to be put in a process reduces considerably. (Hester, Harrison, & Britain), 2007)

Risk treatment methods

A risk is a situation that can potentially cause negative effects on the success of a process if it arises. The list of potential risks should, therefore, be keenly assessed and properly managed to ensure the success of the process. The probability of the risk occurring and its possible impact on the process should be determined. There are therefore four main approaches used to treat risks.

Risk avoidance : this is the decision of not taking a risk by letting go of the actions that may cause a risk. This mostly applies in cases where there are high chances of experiencing risks and may cause high impact. It is therefore advisable to change the strategy of a process to avoid the risk altogether. Although avoidance of a risk might be a good choice, it also means missing out on the potential advantages that might have been brought about by retaining or accepting the risk.

Risk reduction : this is putting in place mitigation actions to reduce the risk. It involves putting in action a plan to reduce the chances of a specific risk from occurring or reducing the severity of the risk should it occur. Risk mitigation helps reduce the number of problems that may be encountered later in the process hence increasing the chances of success of the process. In risk reduction, a balance should be found between the risk and the benefit of the activity, and between the risk reduction and the efforts being applied. (Kemshall & Wilkinson, 2011)

Risk sharing : this is possible if the project in place involves several partners. All or part of the risk may be transferred to either outsourcing or insurance. If this step is taken, the risk transfer should be properly documented in the contract but in case the contractor or the insurance company goes bankrupt or ends up in court, the original risk will still be directed back to the first party since they still have the legal responsibility for the risk. For insurance, for instance, it's a post-event compensatory mechanism since the risk still lies with the first party and if an event occurs, compensation will be applied to commensurate with the damage.

Risk acceptance : this is choosing to face a risk. it involves accepting the benefits if gain and the losses from risk should an event occur. It’s the best choice for the small impact of risk where the cost of insuring it is greater than the total losses sustained. These are mostly the kind of risks that are too large to be insured against and the coverage amount so high that it may hinder the organization from attaining its goals. (Aven, 2016)

Selecting controls and aligning them to one of the risk treatment methods helps bring a clear understanding of the organization’s tasks, events or outputs that may affect its success. Strategies should, therefore, be put in place to identify the tactics and activities that will be used. The control may either be qualitative or quantitative. Qualitative control describes a set of characteristics that would pose potential consequences and chances it that will occur. It needs further explanation to justify the position of risk. Quantitative control, on the other hand, provides a measurable level of risk understanding using numerical attributes to determine the chances of a risk happening and its consequences (probability and impact). Selecting controls, therefore, aids in the analysis of risk and making decisions on how to deal with the analyzed risks. The risks that should be given further attention are easily identified through the analysis and the required strategies put in place in line with the evaluated risks. An effective risk management framework will then be easily put in place to help minimize the occurrence or impact of the risks. (Jordão & Sousa, 2010)

Residual risk is the type or amount of risk that remains in the process even after all efforts have been made to identify and eliminate the risk. The risk may be due to unknown factors or known factors than cannot be countered. An organization, therefore, transfers or accepts the risk as part of their business. (Haimes, 2016)

References

Aven, T. (2016). fundermental ideas and concepts in risk management and risk assesment . london: Routledge.

Haimes, Y. Y. (2016). risk modelling, assesment and management . Hoboken, New Jersey: Wiley.

Hester, R. E., Harrison, R. M., & Britain), R. S. (2007). Risk assessment and risk management. cambridge: Royal Society of Chemistry.

Jordão, B., & Sousa, E. (2010). Risk management. new york: Nova Science Publishers,.

Kemshall, H., & Wilkinson, B. (2011). Good practice in risk assessment and risk management. 3. london: Jessica Kingsley.