1. An Introduction To
Risk Management
Andrei Crăciun
an IV CTI

2. What is risk?
Risk is virtually anything that threatens or limits the ability of
a group, community or non-profit organisation to achieve its
mission.
What is risk management?
Risk management is a process of thinking systematically about
all possible risks, problems or disasters before they happen
and setting up procedures that will avoid the risk, or minimise
its impact, or cope with its impact.

3. Risk management begins with three basic
questions:
1. What can go wrong?
2. What will we do to prevent it?
3. What will we do if it happens?
Why should we bother with risk management?
1. To ease our job
2. For the safety of the people we are “coding” for
3. The threat of possible litigation

4. Risk management systems
Setting up risk management systems is about preparing some
written procedures to be put in place to ensure what, how,
and when action has been undertaken or is to be undertaken
– and by whom.
While it is important that our risk management plan takes as
many possibilities as possible, it is also important to have
system easily understood by the management team.
To be effective, it has to be workable.
This can be done in three steps:
- step one: making someone responsible for the risk
management (risk manager)
-step two: review the group and identify the risks (make
him work)

5. Identifying risk
Risks come in two kinds: risks that apply to every workplace
or organisation, and risks that come from doing the particular
work you do (the particular project we are dealing with).
Standard risks are:
Occupational health and safety (very important)
Financial and administrative risks
We can meet unique risks

6. Step three (Fix what you can fix)
Change the attitude, the system, the procedures at hazards.
“Bugs happen”. It is however important to have a system that
minimizes potential damage. Evaluate the effect of the
changes. Review them regularly and modify if needed.
obs.! We can’t foresee all possible risks; we must keep
in mind that we can face the unexpected. That’s why we need
structures that deal with possible errors (try, catch, default –
for example). People SUE when they get harmed (physically,
or economically).

7. Evaluating and prioritizing risk
That needs a lot of estimation, but guessing shouldn’t be
avoided (it’s better that waiting for something bad to happen
in order to be sure of it).
Draw a simple grid.
High probability High probability
Low impact High impact
Low probability Low probability
Low impact High impact

8. Managing risk
When we have the table, we should resolve the issues that
have the high probability and high impact first. While
eliminating, we should constantly keep the reviewing the
formed table. We must see which risks can be avoided
altogether or eliminated, and we must minimize the loss of
those who can’t be eliminated.
We must keep in mind the balance between risk and benefit
(if we eliminate a risk, but also an objective – no good) and
the balance between risk and cost or convenience (if the task
costs more than it damages – no good either).

9. Insuring against risk
Risk has to be avoided or minimized. If we can’t treat every
case scenario (theft, meteorite shower, zombie apocalypse),
we can have an insurance. However, insurance is not a
substitute for risk management, since it should be done only
after we have done everything else.