**1.1. Definition of risk**

358 Risk Management – Current Issues and Challenges

Source: Adapted from ISO Guide 73

**Figure 1.** The process of risk management

for analysis to help manage and thus minimize risk.

irrespective of the stature of an individual or an organization.

most. The general process and steps involved is presented in Figure 1.

technology, innovation, human resources and time to name a few. In order to adequately address an impending risk, it is important to gather as much factual information as possible

Risk can be classified into both voluntary and involuntary [1]. This classification depends on how an individual or an organization judges the situation. For example, a person with a habit of smoking or drinking fails to associate the habits as involving risks; yet often the habit becomes hazardous and they can significantly affect a person's quality life. Involuntary risk places a person or the organization in a state of ambiguity, where the people involved in the decision making process have not been exposed to a particular circumstance or they lack knowledge and awareness of the particular risk situation. The ability to deal with such risks is a crucial factor in determining successful outcomes

For some individuals, the ability to deal with risk appears to be built in their character but for the rest of us it seems, it is knowledge that can be acquired through training. In order to gain the skill set required so that one to deal with risk, it is important to step out of one's comfort zone and be willing to change, learn, develop new skills, or be challenged to manage risk. Risk management is a methodical approach that could be taught and learnt by

This paper is organized in the following manner: In the next few sections risk is defined and risk management explored focusing on types of risks associated with real estate market. The Australian real estate market is then reviewed and possible risks involved are explored in some depth particularly in terms the global financial crisis. The paper compares the market In the international context, the ISO 31000/ISO Guide 73: 2009 [2] defines risk as the "effect of uncertainty on objectives" (p. 1). When there is a lack of knowledge or exposure to a certain event then such a situation can be termed uncertain. Taking decision on an uncertain event or situation may or may not be successful, which is what risk is about. Many definitions of risk exist in common usage [3-4]; however the ISO definition of risk was developed by an international committee representing over 30 countries and is based on the input of several thousand subject matter experts.

Risk is defined in Australia by the Australia/New Zealand standard for risk management [2] as "the possibility of something happening that impacts on your objectives. It is the chance to either make a gain or a loss. It is measured in terms of likelihood and consequence…" (p. 2). Risk can also be defined as the uncertainty of future events that might influence the achievement of one or more objectives such as an organization's strategic, operational and financial objectives [3]. Risk management may produce positive opportunities for developers although the negative aspects of risk are usually the once that are emphasized [4].

Likelihood of risk occurring varies from industry to industry and how complex a job maybe. Some areas where there is a high chance of risk are construction, transport, mining, health care, sports, finance and banking, insurance and superannuation.

Risk can be broadly understood and explained in three different scenarios [5]: risk versus probability; risk versus threat; and all outcomes versus negative outcomes. It is believed that any risk can be managed through the engagement of a proper risk management process.

#### **1.2. Risk management**

There seems to be an increasing demand of organizations to meet and exceed the financial expectations of shareholders. In the pursuit of growth, many organizations (for example: Toyota) have adapted and responded to expectations of the shareholders by becoming lean and efficient. It is always easy to think that risks and their potential consequences could have been predicted and managed. This is clearly not true when it comes to success in a business. Business success usually requires some acceptance of risk and, as such any risky strategy undertaken may lead to a failure.

In large organizations and corporations there are designated personnel; namely, risk managers. Hillson [6] argued that risk is mostly managed "continuously, both consciously an unconsciously, though rarely systematically" (p. 240). Risk manager's main role is to be

aware of the market, collect data and predict forthcoming threats so that a company can manage the risks in a successful manner. Risk manager duties include developing and communicating risk polices and process, building risk models involving market, conducting credit and operational risk analysis, coordinating with concerned stakeholders involved in the process and creating a risk awareness culture in the organization.

Importance of Risk Analysis and Management –The Case of Australian Real Estate Market 361

To establish context and define goals is an important step. Once the context is established it is critical that the risk is defined and the objectives are set. Also important is to know the limitations of the risk strategies proposed. An effective risk management team understands the needs of the organization and the way it operates. Once the goal is defined there is a need to identify the scope of the context. In general, these factors can be classified into strategic and operational risks. Strategic risk management includes economic, social, environmental, political, legal and public issues; while operational risk management includes technological, human resource, financial, reputation and other relevant strategic issues. Clearly, management may not be able to totally control the many factors but the risks

The process of risk management has to be simple, precise and effective. For it to be effective, organizations should consider strength, weakness, opportunities and threats (SWOT) type analysis of the situation. By conducting SWOT analysis, the management can identify and analyze different situations [7]. Once threats are identified, appropriate measures and decisions may then be taken to convert the threat into an opportunity. The organizational context provides an understanding of the organization, its capability and goals, objectives and strategies. In establishing the context the identification of stakeholders is critical; these

**1.3. The steps involved in managing risk** 

Source: AS/NZS 4360:2004

**Figure 2.** The steps in risk management

*1.3.1. Establish goals and context* 

posed by them could indeed be minimized.

Risk management not only prevents organizations from entering a dangerous and uncertain territory, which could lead to a catastrophic failures, but also ensure the development and growth of the business. The depth and clarity with which a risk is defined is critical for risk management. In an event where an organization has a low risk situation at hand and decides to postpone rather than resolve the issue involved for financial or other reasons, the risk may eventually become a threat of moderate to high level and this could prove to be disastrous for management. Ignoring the risks that apply to the business activities or the events that have been planned could impact on the following:


A systematic approach to managing risk is now regarded as best management practice. The approach taken almost always benefits the organization irrespective of type of risk involved. Once the risk is identified it is documented in detail; subsequently the concerned stakeholders undertake possible risk management and mitigation processes. A comprehensive review of the situation and critical feedback are usually required that may ultimately lead to changes in the organizational polices and structures; particularly in case of a major events.

Organizations that thrive to be successful constantly monitor themselves and willfully undertake only calculated risks. In doing so, they enjoy a competitive advantage in addition to meeting their business objectives. In era of globalization, companies are often expanding their business opportunities and in the process, they may undertake challenging and ambitious projects. In most cases, they need to take a number of risks. In this regard, businesses such as Microsoft, Google, and Wal-Mart appear to have been successful global players mainly because they were able to manage risk in a timely manner.

Risk management decisions should be a part of business objectives. Every new project, policy or invention should include all the possible anticipated risks that one may possibly confront. Decision making process needs to consider threats identified, its impact and reaction on the business. By making a careful analysis, companies will have fewer surprises and thus may in the end spend less time recovering from the losses that may be inevitable at times. When companies do not have "a keen eye on the kind of risk", risk retention can become a legitimate way of managing the risk. Figure 2 shows the six steps involved in the risk management process: establish the context, identify the risk, analyze the risk, evaluate the risk, and manage and review the risk.
