In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss (or impact) and the greatest probability of occurring are handled first. Risks with lower probability of occurrence and lower loss are handled in descending order. In practice, assessing overall risk can be difficult, and the balancing of mitigation resources between risks with a high probability of occurrence but lower loss and risks with high loss but lower probability of occurrence is often mishandled.
Risk to a business or a project is the possibility that an event will occur that adversely affects the achievement of an objective. Uncertainty, therefore, is a key aspect of risk. Systems like the Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management (COSO ERM) can assist managers in mitigating risk factors. Each company may have different internal control components, which leads to different outcomes. For example, the framework for ERM components includes Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information and Communication, and Monitoring.
Risk management should:
- Create value – resources expended to mitigate risk should be less than the consequence of inaction
- Be an integral part of organizational processes
- Be a part of the decision-making process
- Explicitly address uncertainty and assumptions
- Be a systematic and structured process
- Be based on the best available information
- Be tailorable
- Take human factors into account
- Be transparent and inclusive
- Be dynamic, iterative and responsive to change