The document discusses the risk management process, which consists of 5 steps: 1) identifying risks, 2) analyzing risks, 3) prioritizing risks, 4) treating risks, and 5) monitoring risks. It provides details on each step, such as how to identify potential risks, analyze their scope and severity, rank their priority, implement solutions to address risks, and continuously monitor risks. The goal of the risk management process is to reduce threats to an organization's capital and earnings through a systematic, scientific approach.

1. Instructor- Dr.Riyaz Muhmmad
Whataap:0096605052245998 1
Chapter 2
RISK MANAGEMENT
PROCESS

2. Scientific Approach: Risk management is a
scientific approach to the problem of risk that
has as its objective the reduction and elimination
of risks facing the business firm.
Process : Risk management is the process of
identifying, assessing and controlling threats to
an organization's capital and earnings.
Instructor- Dr.Riyaz Muhmmad 2

3. In the world of finance, Risk management
refers to the practice of identifying potential
risks in advance, analyzing them and taking
precautionary steps to reduce/curb the risk.
Risk management is a process that allows
individual risk events and overall risk to be
understood and managed proactively,
optimizing success by minimizing threats and
maximizing opportunities.
Instructor- Dr.Riyaz Muhmmad 3

4.  The risk management process is a framework
for the actions that need to be taken.
 There are five basic steps that are taken to
manage risk; these steps are referred to as the
risk management process.
 It begins with identifying risks, goes on to
analyze risks, then the risk is prioritized, a
solution is implemented, and finally the risk is
monitored.
Instructor- Dr.Riyaz Muhmmad 4

5. 5
Step 1: Identify the Risk
 The first step is to identify the risks that the
business is exposed to in its operating
environment.
 There are many different types of risks – legal
risks, environmental risks, market risks,
regulatory risks, and much more. It is important
to identify as many of these risk factors as
possible.

6. Step 2: Analyze the risk
 Once a risk has been identified it needs to be analyzed.
The scope of the risk must be determined.
 It is also important to understand the link between the
risk and different factors within the organization.
 To determine the severity and seriousness of the risk it
is necessary to see how many business functions the
risk affects.
 There are risks which can bring the whole business to a
standstill if actualized, while there are risks which will
only be minor inconveniences in analyzed.
Instructor- Dr.Riyaz Muhmmad 6

7. Step 3: Rank the Risk
 Risks need to be ranked and prioritized.
 Most risk management solutions have different categories of
risks, depending on the severity of the risk.
 A risk that may cause some inconvenience is rated lowly, risks
that can result in catastrophic loss are rated the highest.
 It is important to rank risks because it allows the organization
to gain a holistic view of the risk exposure of the whole
organization.
 The business may be vulnerable to several low level risks, but
it may not require upper management intervention.
 On the other hand, just one of the highest rated risks is
enough to require immediate intervention.
Instructor- Dr.Riyaz Muhmmad 7

8. Step 4: Treat the Risk
 Every risk needs to be eliminated or contained as much as
possible. This is done by connecting with the experts of
the field to which the risk belongs to.
 In a manual environment this entails contacting each and
every stakeholder and then setting up meetings so
everyone can talk and discuss the issues.
 The problem is that the discussion is broken into many
different email threads, across different documents and
spreadsheets, and many different phone calls.
Instructor- Dr.Riyaz Muhmmad 8

9. Step 5: Monitor and Review the risk
 Not all risks can be eliminated – some risks are always present.
Market risks and environmental risks are just two examples of
risks that always need to be monitored.
 Under manual systems monitoring happens through diligent
employees. These professionals must make sure that they keep
a close watch on all risk factors.
 Under a digital environment the risk management system
monitors the entire risk framework of the organization. If any
factor or risk changes, it is immediately visible to everyone.
 Computers are also much better at continuously monitoring
risks than people. Monitoring risks also allows your business
to ensure continuity.
Instructor- Dr.Riyaz Muhmmad 9

10.  A risk management plan increasingly includes companies'
processes for identifying and controlling threats to its digital
assets, including proprietary corporate data, a customer's
personally identifiable information and intellectual property.
 Definitions of Risks Management:
◦ It refers to the practice of identifying potential risks in
advance, analyzing them and taking precautionary steps
to reduce/curb the risk.
◦ The forecasting and evaluation of financial risks together
with the identification of procedures to avoid or
minimize their impact.
Instructor- Dr.Riyaz Muhmmad 10

11. 11
 Three factors affect the consequences that are likely if a risk does
occur
◦ Its nature – This indicates the problems that are likely if the risk occurs
◦ Its scope – This combines the severity of the risk (how serious was it) with
its overall distribution (how much was affected)
◦ Its timing – This considers when and for how long the impact will be felt
 The overall risk exposure formula is RE = P x C
◦ P = the probability of occurrence for a risk
◦ C = the cost to the project should the risk actually occur
 Example
◦ P = 80% probability that 18 of 60 software components will have to be
developed
◦ C = Total cost of developing 18 components is $25,000
◦ RE = .80 x $25,000 = $20,000

12. Mehr and Hedges, in their Classic/Traditional Risk Management
in the Business Enterprise objectives are classified in two
categories:
Post-Loss Objectives Pre-Loss Objectives
Survival Economy
Continuity of operations Reduction in anxiety
Earning stability Meeting externally imposed
Continued growth Obligations
Social responsibility Social responsibility
Instructor- Dr.Riyaz Muhmmad 12

13. Value Maximization Objectives:
Risk management decisions should be
appraised against the standard of
whether or not they contribute to
value maximization.
Wealth maximization
Instructor- Dr.Riyaz Muhmmad 13

14. Portfolio of risk management is the process by which an
organization reduces the likelihood of a risk event occurring
or mitigates the effects that risk should it occur. Our preferred
way to determine your risk control strategy is to use the four
T’s Process:
1. Treatment of risk ( Treat) ( Mitigation, Reduction)
2. Transfer of risk (Transfer)
3. Tolerance of risk (Take) ( Retention)
4. Termination of risk (Termination) (Avoidnence)
Instructor- Dr.Riyaz Muhmmad 14

15.  Risk treatment follows risk analysis in the risk
management process and its goal is to select one or
more option for addressing the risk and then
implementing the option(s).
 The five steps of the risk treatment process are:
1. Brainstorming and selecting one or more options for risk
treatment
2. Planning and then implementing the risk treatment(s) selected
3. Evaluating the effectiveness of the risk treatment
4. Determining if the remaining risk after the implementation
of the risk treatment is acceptable (or not)
5. Taking further risk treatment actions if you determine that
the remaining risk is not acceptable
Instructor- Dr.Riyaz Muhmmad 15

16.  Risk transfer is a risk management and control
strategy that involves the contractual shifting of
a pure risk from one party to another.
◦ One example is the purchase of an insurance policy,
by which a specified risk of loss is passed from the
policyholder to the insurer.
◦ Other examples include hold-harmless clauses,
contractual requirements to provide insurance
coverage for another party’s benefit and reinsurance.
Instructor- Dr.Riyaz Muhmmad 16

17.  Risk tolerance relates to risk appetite but differs in
one fundamental way: risk tolerance represents the
application of risk appetite to specific objectives.
 Risk tolerance is best measured in the same units as
the related objectives, and associated performance
criteria.
Risk tolerance has one basic principle, the risk cost
always must be lesser than objective output.
Instructor- Dr.Riyaz Muhmmad 17

18.  Terminating Risk is the simplest and most
often ignored method of dealing with risk. It is
the approach that should be most favored where
possible and simply involves risk elimination.
Instructor- Dr.Riyaz Muhmmad 18

19.  Risk avoidance While the complete elimination of all risk is rarely
possible, a risk avoidance strategy is designed to deflect as many threats as
possible in order to avoid the costly and disruptive consequences of a
damaging event.
 Risk reduction. Companies are sometimes able to reduce the amount of
effect certain risks can have on company processes. This is achieved by
adjusting certain aspects of an overall project plan or company process, or
by reducing its scope.
 Risk sharing. Sometimes, the consequences of a risk is shared, or
distributed among several of the project's participants or business
departments. The risk could also be shared with a third party, such as
a vendor or business partner.
 Risk retaining. Sometimes, companies decide a risk is worth it from a
business standpoint, and decide to retain the risk and deal with any
potential fallout. Companies will often retain a certain level of risk a
project's anticipated profit is greater than the costs of its potential risk.
Instructor- Dr.Riyaz Muhmmad 19

20.  The process should create value.
 It should be an integral part of the organizational
process.
 It should factor into the overall decision making process.
 It must explicitly address uncertainty.
 It should be systematic and structured.
 It should be based on the best available information.
Instructor- Dr.Riyaz Muhmmad 20