*1.3.2. Identify risks*

Identification of risk involves a systematic process of examining situations and finding solutions. The process includes stages such as group discussions and brainstorming sessions to generate a variety of ideas. While all the ideas or issues generated may or may not be relevant, it is important to document all problems, possible impacts and solutions identified. There are four primary areas in which risk can occur in a general business environment:


Risks can be identified by examining records of previous activities or events. Other ways in which risks could be identified are results from past experiences (personal, local or overseas) [8], through conduction interviews of stakeholders (example: Susilawati and Armitage [8]) or by analyzing specific real life or generated scenarios.

## *1.3.3. Analyse risks*

This step determines and addresses the impact of threats that have been documented. Threats identified are rated according to the likelihood of occurrence. The potential of an identified risk can be estimated by the effect it has on financial and other resources. When analyzing a risk, one decides on the relationship between the likelihood of a risk occurring and the consequences of the risk identified. The level of risk is then defined and management of it is then explored. Managing risk can be done in several ways such as contingency planning, using existing assets or making an investment in new resources. The levels of the risks can be classified into


The tools most commonly employed to measure risks include qualitative techniques [10]. Melton [11] described the tools as probability and impact analysis tools and Webb [4] called these likelihood and consequences tools. A risk matrix presentation tool (qualitative technique) can provide better insights to the nature of a risk. Risk matrix is often used as a tool to display different risks once they have been analyzed. It allows an organization to mark a threshold above which risks will not be tolerated; or will receive additional treatment from the board or delegated staff. In Figure 3 the threshold is set at risks score of 5 or above. It is then important to ask the following questions in relation to each of the identified risks:


What is the level of the risk?

362 Risk Management – Current Issues and Challenges

*1.3.2. Identify risks* 

environmental;

*1.3.3. Analyse risks* 

enterprise;

levels of the risks can be classified into

devastating to the enterprise;

or response procedures; and

low: can manage a low level of risk with routine procedures.

stakeholders involved in the process of addressing risks.

beliefs of an individual or organization; and

or by analyzing specific real life or generated scenarios.

are individuals who may affect, or be affected by decisions made by the risk management team. For example, stakeholders may be employees, volunteers, visitors, insurance organizations, government agencies or suppliers etc. Each stakeholder will have different needs, concerns and opinions; therefore it is important to communicate with the

Identification of risk involves a systematic process of examining situations and finding solutions. The process includes stages such as group discussions and brainstorming sessions to generate a variety of ideas. While all the ideas or issues generated may or may not be relevant, it is important to document all problems, possible impacts and solutions identified. There are four primary areas in which risk can occur in a general business environment:

physical: this involves physical assets of the organization, personal injuries and

ethical or moral: involves a perpetuated, actual or potential harm to the reputation or

legal: this includes responsibilities and adherence to the law, rules and regulations of

Risks can be identified by examining records of previous activities or events. Other ways in which risks could be identified are results from past experiences (personal, local or overseas) [8], through conduction interviews of stakeholders (example: Susilawati and Armitage [8])

This step determines and addresses the impact of threats that have been documented. Threats identified are rated according to the likelihood of occurrence. The potential of an identified risk can be estimated by the effect it has on financial and other resources. When analyzing a risk, one decides on the relationship between the likelihood of a risk occurring and the consequences of the risk identified. The level of risk is then defined and management of it is then explored. Managing risk can be done in several ways such as contingency planning, using existing assets or making an investment in new resources. The

extreme: an extreme risk requires immediate action as the potential could be

high: a high level of risk requires action, as it has the potential to be damaging to the

moderate: allocate specific responsibility to a moderate risk and implement monitoring

financial: this could mean loss of funding, insurance costs, fraud, theft, fees etc.;

governing bodies such as the federal, state or local governments.

**Figure 3.** Risk matrix Source: adapted from Austrac

#### *1.3.4. Evaluate risks*

In this step the tolerance of the risk is determined; that is, whether the identified risk is acceptable or unacceptable. The evaluation takes into account the following:


An acceptable risk is a type of risk that that a business can tolerate; a loss for example- the risk does not have major impact on business. An acceptable risk has to be constantly monitored, reviewed and documented so that it remains tolerable. A risk is deemed to be an acceptable risk because of following reasons:

risk level is low and the benefits presented by the risk outweigh the cost of managing it;

Importance of Risk Analysis and Management –The Case of Australian Real Estate Market 365

has a keen interest in safeguarding its assets as well as that of its employees, visitors and volunteers among others. In the process of identifying, analyzing and evaluating risks an

Every organization irrespective of size clearly strives to reduce the risks involved. In order to reduce risk organizations have to align their policies and structures in a consistent manner and constantly monitor business activities. Also, there is a need to allocate resources (financial, human resource, technology etc.) efficiently to improve performance and to win the approval of all stake holders. It is also important to ensure personnel working at different levels in the organization report to the appropriate authorities when a risk is identified. Such a culture enables an organization to document and then undertake suitable and timely measures to avert risks. In the risk management process, data capture and reporting can provide valuable insights into the risk management process. A sample risk management planning template is shown in Table 1. As discussed, risk management team

It is necessary to constantly monitor and evaluate the strategies that are employed to manage risks. This is because risks do not remain the same - new risks are created, existing risks are increased or decreased, some risks may no longer exist and previous or existing risk management strategies may no longer be effective. In the end risks can originate from accidents, legal liabilities, natural causes and disasters, uncertainty in financial markets, credit risk, project

organization improves its management team's ability to make educated decisions.

*1.3.6. Monitor and report effectiveness of risk treatments* 

play a vital role in identifying and addressing risks.

**Table 1.** Risk management planning template


A unacceptable risk is when a business is bound to experience significant losses and such losses cannot be tolerated. In such an event it is important to address and treat the risk in an appropriate manner.

### *1.3.5. Treatments of risks*

Risks may be dealt with in several ways; it can be avoided, reduced, shared or retained. Risk is avoided when appropriate decisions are taken to eliminate all possible pitfalls thereby preventing the situation from occurrence. In most decision making processes, calculations are made and ideas are contemplated to strike a balance between the cost and effect. In such situations calculated risks are accepted and a high risk situation may be reduced by:


In other cases, risk is shared between the stake holders in terms of how profits and losses are shared. This is done mainly to share the impact of a risky event when it occurs. For example, in the era of globalization it is challenging for the companies to enter new markets and countries. In order to minimize uncertainty and exploit business situations that may exist, companies often decide to share risk; careful consideration and research undertaken by the companies often suggest risk sharing. Risk sharing develops opportunities while engaging all partners in achieving strategic goals and the gains and loss are then shared accordingly. The nature of strategies to mitigate risk often depends on the experience of the risk manager who may consider one or more of the following [3]:


It seems the simplest of all methods of addressing a risk is by retaining an identified risk that may not potentially impact upon the operations of a business. It is important to continuously monitor such risks for in the absence of careful monitoring, the risks may become threats in due time.

A dedication towards risk management often projects a wiser professional image to the community. In doing so, the stake holders recognize the fact that the concerned organization has a keen interest in safeguarding its assets as well as that of its employees, visitors and volunteers among others. In the process of identifying, analyzing and evaluating risks an organization improves its management team's ability to make educated decisions.
