**1.3. The steps involved in managing risk**

360 Risk Management – Current Issues and Challenges

aware of the market, collect data and predict forthcoming threats so that a company can manage the risks in a successful manner. Risk manager duties include developing and communicating risk polices and process, building risk models involving market, conducting credit and operational risk analysis, coordinating with concerned stakeholders involved in

Risk management not only prevents organizations from entering a dangerous and uncertain territory, which could lead to a catastrophic failures, but also ensure the development and growth of the business. The depth and clarity with which a risk is defined is critical for risk management. In an event where an organization has a low risk situation at hand and decides to postpone rather than resolve the issue involved for financial or other reasons, the risk may eventually become a threat of moderate to high level and this could prove to be disastrous for management. Ignoring the risks that apply to the business activities or the

A systematic approach to managing risk is now regarded as best management practice. The approach taken almost always benefits the organization irrespective of type of risk involved. Once the risk is identified it is documented in detail; subsequently the concerned stakeholders undertake possible risk management and mitigation processes. A comprehensive review of the situation and critical feedback are usually required that may ultimately lead to changes in the

Organizations that thrive to be successful constantly monitor themselves and willfully undertake only calculated risks. In doing so, they enjoy a competitive advantage in addition to meeting their business objectives. In era of globalization, companies are often expanding their business opportunities and in the process, they may undertake challenging and ambitious projects. In most cases, they need to take a number of risks. In this regard, businesses such as Microsoft, Google, and Wal-Mart appear to have been successful global

Risk management decisions should be a part of business objectives. Every new project, policy or invention should include all the possible anticipated risks that one may possibly confront. Decision making process needs to consider threats identified, its impact and reaction on the business. By making a careful analysis, companies will have fewer surprises and thus may in the end spend less time recovering from the losses that may be inevitable at times. When companies do not have "a keen eye on the kind of risk", risk retention can become a legitimate way of managing the risk. Figure 2 shows the six steps involved in the risk management process: establish the context, identify the risk, analyze the risk, evaluate

the process and creating a risk awareness culture in the organization.

events that have been planned could impact on the following:

health and safety of employees, customers, volunteers and participants.

organizational polices and structures; particularly in case of a major events.

players mainly because they were able to manage risk in a timely manner.

customer and public confidence in the organization;

 credibility, reputation and status; equipment and the environment; financial position of the concerned; and

the risk, and manage and review the risk.

Source: AS/NZS 4360:2004

**Figure 2.** The steps in risk management

#### *1.3.1. Establish goals and context*

To establish context and define goals is an important step. Once the context is established it is critical that the risk is defined and the objectives are set. Also important is to know the limitations of the risk strategies proposed. An effective risk management team understands the needs of the organization and the way it operates. Once the goal is defined there is a need to identify the scope of the context. In general, these factors can be classified into strategic and operational risks. Strategic risk management includes economic, social, environmental, political, legal and public issues; while operational risk management includes technological, human resource, financial, reputation and other relevant strategic issues. Clearly, management may not be able to totally control the many factors but the risks posed by them could indeed be minimized.

The process of risk management has to be simple, precise and effective. For it to be effective, organizations should consider strength, weakness, opportunities and threats (SWOT) type analysis of the situation. By conducting SWOT analysis, the management can identify and analyze different situations [7]. Once threats are identified, appropriate measures and decisions may then be taken to convert the threat into an opportunity. The organizational context provides an understanding of the organization, its capability and goals, objectives and strategies. In establishing the context the identification of stakeholders is critical; these

are individuals who may affect, or be affected by decisions made by the risk management team. For example, stakeholders may be employees, volunteers, visitors, insurance organizations, government agencies or suppliers etc. Each stakeholder will have different needs, concerns and opinions; therefore it is important to communicate with the stakeholders involved in the process of addressing risks.

Importance of Risk Analysis and Management –The Case of Australian Real Estate Market 363

The tools most commonly employed to measure risks include qualitative techniques [10]. Melton [11] described the tools as probability and impact analysis tools and Webb [4] called these likelihood and consequences tools. A risk matrix presentation tool (qualitative technique) can provide better insights to the nature of a risk. Risk matrix is often used as a tool to display different risks once they have been analyzed. It allows an organization to mark a threshold above which risks will not be tolerated; or will receive additional treatment from the board or delegated staff. In Figure 3 the threshold is set at risks score of 5 or above. It is

then important to ask the following questions in relation to each of the identified risks:

Are there any controls currently in place to manage the risk - if yes then, are there any

In this step the tolerance of the risk is determined; that is, whether the identified risk is

An acceptable risk is a type of risk that that a business can tolerate; a loss for example- the risk does not have major impact on business. An acceptable risk has to be constantly monitored, reviewed and documented so that it remains tolerable. A risk is deemed to be an

acceptable or unacceptable. The evaluation takes into account the following: importance of risk management and possible outcomes of a risky activity;

 potential and actual losses that may arise from the risk; benefits and opportunities presented by the risk; and

What is the likelihood of the risk occurring?

**Figure 3.** Risk matrix Source: adapted from Austrac

degree of control one has over the risk.

acceptable risk because of following reasons:

*1.3.4. Evaluate risks* 

What are the consequences if the risk should occur? and

remaining risks?

What is the level of the risk?
