Business risk assessment


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Business risk assessment

  1. 1. Notes by MS 1
  2. 2. Business risk assessment refers to the assessment ofrisks and opportunities affecting the achievements ofthe organizational goals and objectives.Business risk assessed at three levels. Business riskassessment at all three levels is essential to identify theTHREATS, OPPORTUNITIES and ALTERNATIVES for actionto achieve the organizational goal and objectives:  Strategic: guidance for a time period of 5 to 10 years and assessment performed by senior management. It is usually limited to assessment i.e. Identification, Measurement and prioritization of risk. 2
  3. 3.  Project/Program/Process: for current period of organizational activity. Project manager or process owner is responsible for initial assessment and monitoring or may also share with an oversight committee. It is a mixture/blend of risk assessment in the planning phase and risk management in the implementation phase. Operational: in everyday operations like health and safety issues. This performed by supervisory level or by individuals or work team tasked with a particular management. It is usually focuses on risk management i.e. standard workplace risks and hazards have been already identified in strategic process of assessment; the task is to manage risk to get the job done. 3
  4. 4. Strategic Risk Assessment1. Understanding of overall goals and objectives by examining of fundamental documents and classification of indentified goals and objectives into SHORT, MEDIUM and LONG TERMS issues.2. Choosing of strategic risks that are likely to be of greatest importance: ◦ Operational risk is that entity will not meet its operational goals and objectives. ◦ Fiscal risk is that deficiencies in expenditure control and revenues will adversely affect agreed-up outcomes or objectives. ◦ Reputation risk is that some action by the entity will impair the ability to reach its goals and objectives. ◦ Other strategic risk, such as Policy, Regulatory etc. 4
  5. 5. 3. Definition of various important and relevant environments and uncertainties: ◦ Political / Government ◦ Technological ◦ Legal and Regulatory ◦ Competitors ◦ Customers, Constituents and stakeholders ◦ Physical ◦ Markets ◦ Suppliers ◦ Economic/Financial 5
  6. 6. 4. Creation of series of matrices …… environments (step 3) X identification based on time (step 1)5. Using of various creative processes such as brainstorming, imagine scenario of possible threats and opportunities for each cell of matrix. Thinking outside the box as much as possible.6. Combining of the risk assessment for various goals and objectives for each of the three time horizon to get a composite strategic risk assessment. 6
  7. 7. Project Risk AssessmentIt uses a different method to identifying riskand opportunity. The method can be one orcombination from the following: ◦ Exposure analysis based on assets involved ◦ Environmental analysis based on study of changes ◦ Threats scenario by exploring various narrative scenarios under numbers of different conditions, especially for catastrophic events and frauds 7
  8. 8. Observation or/and measurement of risk is a difficultsubject, therefore, risk factors are used that are eitherobservable or measurable characteristics of conditionsat risk.A standard set of risk factors and criteria should beestablished to measure and rank projects according totheir perceived risk.Each project, program or process to be formallyassessed for risk should be scored by the projectinitiator with the established risk factors based onunderstanding of the project, program or process andthe perception of risk as described. 8
  9. 9. Procedure of Project Risk Assessment ◦ Identify Risk: use one or more methods to identify risk i.e. Exposure, Environmental and/or Threat analysis. 9
  10. 10. Measure Risk/Develop Alternatives: ◦ Read each factor and sub-criteria for familiarization with aim of each. ◦ Consider the project, program or process using each of the factors/criteria. ◦ Score each factor for the project, etc. on a scale of 1 to 5 (lowest to highest) based on your subjective assessment of the strength/weakness or presence/absence of the criteria. ◦ Sum the scores for the each factor and divide by the number of factors to get the average score. ◦ High risk score are those with an average of 4.25 or more. Low risk scores are those with an average score less than 2.25. These are starting figures that can be adjusted for experience. ◦ Analyze high-risk areas and develop alternatives i.e. controls and other risk management techniques, to deal with each of the high risk components. ◦ Price out the alternatives and compare risk and cost. 10
  11. 11. Control design: choose the most cost-effectivecontrols within reasonable prudence andorganizational tolerance for accepting risk.Risk Management: monitor risk and hazards,making adjustments to the project plan asnecessary to meet changing conditions. 11
  12. 12. Operational Risk ManagementOperational risk is the day to day mitigation of safetyand health risks of employees performing their jobs.Operational risk also covers visitors and temporaryworkers in the workplace and risk to general public dueto operations.The focus of operational risk is on risk management.Risk assessment usually done by a specialist involved inworkplace risk: ◦ Health Risk ◦ Safety Risk ◦ Environmental Risk 12