The document provides an overview of risk management, including definitions of risk, types of risk (operational, reputational, business, cyber), categories of corporate risk, approaches to managing risk (avoidance, reduction, transfer, retention), sources of risk that can lead to crisis, and the stages of crisis management (pre-crisis, crisis response, post-crisis). It also discusses risk fundamentals such as perception of risk, risk approaches, cause and effect analysis, resilience, risk management processes, and factors to consider within an organization.
Introduction to Risk Management
Mana.6330
Overview
Risk Management is the continuing process to identify, analyze,
evaluate, and treat loss exposures and to monitor risk
control and financial resources to mitigate the adverse effects of
loss.
Enterprise Risk Management expands the province of risk
management to define risk as anything that can prevent the
company from achieving its objectives.
Risk Management Overview
Corporate Risk can be defined in four categories:
Operational
Reputational
Business
Cyber
The four basic types of risk management to consider:
Risk Avoidance
Risk Reduction
Risk Transfer
Risk Retention
Risk Items that can produce CRISIS
Economic: Events or situations like strikes, market crashes, and
labor shortages.
Informational: Loss of important information (organizational
records, public and confidential records), theft through phishing
attacks, social engineering, leaking of sensitive data.
Physical: Compromised major equipment, loss of suppliers,
disruption in key operations.
Human Resources: Loss of key team members, vandalism,
and/or workplace violence.
Reputational: Rumors/gossip hurt the reputation of the
organization.
Psychopathic: Terrorism, kidnapping, tampering with products.
Natural Disasters: Tornadoes, earthquakes, fire, flash floods,
disease outbreaks, etc.
CRISIS is the final step of Risk when no action is taken for risk
mitigation.
The Stages of Crisis Management
Pre-Crisis: Prevention and preparation, i.e., reducing the known risks that
can lead to crisis.
Crisis Response: When management must respond to a crisis.
Post-Crisis: The post-mortem phase is when companies look for ways to
improve preparations for the next crisis as well as fulfill
commitments made during crisis response.
Risk
“…risk has always been with us.”
Thomas Aquinas
Risk: “…the possibility that events will occur and affect the
achievement of objectives.”1
This is the typical definition, which should alert the reader to the
fact that both qualitative and quantitative probabilities are
required in the recognition of risk.
1 COSO 2017
Risk Fundamentals
Perception of risk is subjective.
Risk approach is driven by a tendency to look backwards.
Observation is the key to “risk”.
“Cause and Effect” is the most common approach.
Thought must be expanded to “Cause – Event – Effect (or the
Consequence)”
Example of Cause and Effect
Year: 2001
Cause: Rise of Islamic fundamentalism; failure of intelligence; inadequate air
defense systems; lax airport security
Event: World Trade Centre (9/11) terrorist attack
Effect: 3,000+ deaths in the WTC; second Iraq war; global security crackdown.
Year: 2010
Cause: Defective cement on the well; cost-cutting decisions; inadequate safety
systems; inadequate industry practices and government policies
Event: BP Deepwater Horizon, Macondo well
Effect: Total discharge at 4.9 million barrels; clean-up costs, charges and
penalties more than $65 billion; disaster for the ecology
Risk Fundamentals continued
Risk management is critical in enhancing resilience, that is the
ability to anticipate and respond to change.
Strategic Resolutions are part of the daily understanding that
running a business is making choices and trade-offs.
Risk management is not just involved in assessing the project
and the details, but also in response development and
response controls, and in making sure that contingency plans are
adequate if a high-impact event or events happen.2
2 Mastering Risk Management, pg. 17
Risk Fundamentals continued
Risk Management is as much about continuous improvement
and increasing the range of opportunities, as about threats and
hazards.
Management of a firm is driven by its objectives.
Understanding risk will force clarity in the objectives
Embed risk management within the firm
Build and align the culture of the firm.
Provide structure and internal controls, and reduce ineffectiveness
Consistent and continuous risk process
Risk Fundamentals continued
Risk Management approach for resolution:
Identify the risk
Assess the risk
Treat the risk
Monitor and report on the risk
Risk Concepts within the Organization
Five factors to consider in all Risk:
Corporate Strategy
Supply Chain Organization
Process management
Performance Metrics
Information and Technology
Risk Concepts within the Organization continued
Another approach to Risk management can be defined as: once
the “event” occurs, how does the company respond?
Risk Avoidance: withdrawing from a risk scenario or deciding
not to participate
Risk Reduction: keep risk to an acceptable level and reduce
severity of loss
Risk Transfer: risk can be reduced or made more acceptable if it
is shared
Risk Retention: accepting risk and accounting for it in
budgeting
Migso-pcubed.com/blog/pmo-project-delivery/four-step-risk-management-process/
Name the "risk types" Amazon used, in a table that describes
the Cause-Event-Effect; include anticipated consequences. We
discussed these in class on 23 August and covered them in the
provided PowerPoints. Part of your response may be your own
opinion based on the details of the article. In addition, were
these good risk decisions?
https://www.wsj.com/articles/amazon-adds-revenue-streams-as-holiday-season-approaches-11661091352?reflink=desktopwebshare_permalink
Table columns: Risk Type, Cause, Event, Effect / Consequences
Rows (Risk Type): Risk Reduction, Risk Transfer, Risk Avoidance