Study guide for Risk Unit 2

BBA 4226, Risk Management 1

Course Learning Outcomes for Unit II Upon completion of this unit, students should be able to:

1. Examine the elements of the risk management process. 1.1 Illustrate the use of the risk management process.

2. Analyze the parameters used to categorize risks.

2.1 Categorize risks based on specific parameters.

Course/Unit Learning Outcomes

Learning Activity

1.1 Unit II Scholarly Activity

2.1 Chapter 3 Unit II Lesson Unit II Scholarly Activity

Reading Assignment Chapter 3: Risk

Unit Lesson We live in interesting and uncertain times, and they are only going to become more complex and risky as the future unfolds. Individuals and organizations must adapt to an increasingly uncertain environment in order to identify, mitigate, and survive potential damaging risks. Often, when we think of corporate risks, we think of natural disasters (e.g., earthquakes and tornados) or even man-made disasters (e.g., fires or attacks such as the one on September 11, 2001, an oil spill such as the one caused by BP in the Gulf of Mexico, or information technology (IT) security breaches). Yet, we tend to forget man-made disasters such as the financial crisis of 2008, which is considered one of the worst global financial crises of all time because of its ripple effect around the world. We also tend to overlook disruptions in the supply chain of corporations that could be equally distressing to a company’s survival. Because of the interconnectedness of the world, an interruption of supplies in one side of the world can have very disruptive and lasting negative effects in another side. In today’s economy, many risks have an effect around the world. Thus, it is critical that corporations and governments implement risk management strategies. First, however, let’s start with defining what risks are all about. Risk Risk is defined as the probability and consequence of not achieving a specific goal. As an example, can the project be completed within budget? Risk is the probability of loss or the expectation of an unfavorable outcome as a result of a particular action. Risk is really a measure of future uncertainties or the combination of an event occurring and the consequences of that event. Newsome (2014) noted that there are different standards of risk definitions but settled on risks as the “changes, effects, and consequences” of an event’s potential returns (p. 25). Thus, risk is associated with all future adverse outcomes of an action. A good description of risks facilitates the understanding, identification, and analysis of risks (Newsome, 2014). A detailed risk definition and description is the first step to identifying risks. An example of a structured standardized version of risk description is depicted in Table 3.2 on page 29 of your textbook.

UNIT II STUDY GUIDE

Risk

BBA 4226, Risk Management 2

UNIT x STUDY GUIDE

Title

Components of Risk Risks have three main components: 1) A future cause (yet to take place), that if corrected prevents a probable consequence from occurring, 2) risk as a probability of a potential undesirable event occurring, and 3) the consequence of the potential future event. A future (not yet identifiable) root cause is the main reason for the presence of risk. Risks should not be confused with issues; if a root cause has already been identified in the past tense, then it has already occurred. Therefore, it is an issue to be resolved, but it is not a risk. Risks are undesirable occurrences that have not yet taken place. Newsome (2014) provides a formula for risk that mathematically is represented as risk being the product of probability (p) and return (R) or consequence, giving us risk as risk = p x R. Depending on the definition of risk, another well-known conceptual risk representation can be defined as a function of uncertainty and loss (damage) denoted by the equation risk = (event, uncertainty, damage). Therefore, as uncertainty and damage increase, so does risk. Another element of risk is the cause of risk. The presence or absence of something introduces or causes a risk. The awareness of the hazard (something) minimizes the danger of it. As an example, a pothole in the road presents a greater danger to the unware driver than the driver who is aware of the hole’s existence and drives around it. This leads to another conceptual equation of risk as risk = (hazard, safeguard). For this course, we will use the broader more accepted definition of risk as risk = (Probability of an event) times the (Consequences of an event). This simplified equation evaluates risk in terms of two distinct elements: 1) the likelihood that an event will occur and 2) the consequences or effect of the occurrence of the event.

Analysis of Probability and Consequence An analysis of risk probability and the consequences of that risk can be illustrated by estimating the likelihood of each of the risks occurring in an event. Pinto (2016) recommended that a risk impact analysis matrix be used to identify risks prioritized according to the probability of occurrence. The matrix, shown below, also depicts the potential consequences of the event. Probability combined with consequence can provide a better sense of overall impact to a project. The fundamental reason to use a risk matrix is to develop a better sense of urgency and priority when addressing potential risk events. Further, a risk matrix helps in identifying the types of risks that are more relevant to the success of an endeavor. High risks, those falling into the high probability and high consequence quadrant combination, can then adequately be given priority in the contingency planning when

CORE CONCEPTS

Risk as function of probability and consequence of an event represented by the equation:

Risk = (Probability of Event) x (Consequences of Event)

BBA 4226, Risk Management 3

UNIT x STUDY GUIDE

Title

executing a project. We will be covering the use and advantages of using a risk matrix to mitigate risks in future units. Risks Identification Most literature on risk management uses “risk analysis and risk assessment” as an umbrella that includes both risk identification and risk analysis. For this course, we will first concentrate on the definition of risk. Risk analysis helps in identifying and calculating the potential consequences of risks, but before a risk can be analyzed or assessed, it must be identified. The goal of risk identification is to be able to answer the question: “What can go wrong?” As an example, a given project risk identification can be initiated by answering the following questions:

 What can go wrong with the proposed process, design, supplier, operational employment, resources, and dependencies?

 What can go wrong with monitoring results, specifically failures?

 What can go wrong with reviewing potential shortfalls against expectations? In most activities or projects, risk identification is the process of examining each element to identify the potential root causes. Risk identification should begin as early as possible in any future activity and throughout the lifecycle of any endeavor. As this course progresses, we will review risk analysis and assessment leading to the risk management process model (RMPM). Summary As the course progresses, we will examine risks in more detail along with qualitative and quantitative techniques to assist us in the proper assessment of risks. Other tools are available to calculate risk and its elements, including the different combinations of probability and consequence. While there are many approaches on risk analysis, assessment, and mitigation, we will concentrate on the business and general concepts of risk management.

References Newsome, B. (2014). A practical introduction to security and risk management. Thousand Oaks, CA: Sage. Pinto, J. K. (2016). Project management: Achieving competitive advantage (4th ed.). Upper Saddle River, NJ:

Pearson.