Markets and publics are more and more sophisticated these days. Internal and external stakeholders have learned to set expectations from the government and private sectors in the hope of truly uplifting their general living conditions. When ignored, some publics take matters into their own hands, impose dangers and threaten the government or private sector. As a preventive or counter measure, the government and private sector alike must continually innovate and ensure effective service to their publics.

Contrary to common belief, risk management is not simply the analysis of possible losses. Risk management also refers to directly addressing the hazards already encountered with a solution-oriented, win-win mindset. The prevention of further risks and mitigation of existing risks are primary objectives.

While risk is easily associated with negative outcomes, responsible risk-taking or risk management brings about opportunities.

Four (4) components should be considered in scanning the risk environment: types of risk, sources of risk, matters at risk, and control capability level.


Financial Risk: cash, credit, and negotiable instruments
Physical Risk: land, building, and equipment
Human Risk: knowledge, skills and commitment of people
Intangible Risk: reputation, image, brand equity and information
Policy Risk: inappropriate and invalid policy design
Operational Risk: inappropriate and invalid policy implementation
Fiscal Risk: fund mismanagement with inappropriate expenditure and revenue control
Reputation Risk: loss of public trust impairing operations
Business Risks: may pertain to ownership of assets; procedural risks in the usage of assets; and behavioral risks of human assets

Ownership risks could come from external threats like labor group appeals, competitive strategies, natural or man-made physical disasters, political, economic and even technological threats to asset management.

Process risks are hazards, productivity losses resulting from fraudulent transactions, errors and omissions in documentations and reporting.

Behavioral risks
focus on productivity losses stemming form human resource issues. These could refer to underutilization of human assets, job displacement, underemployment, poor leadership, corruption and nepotism practices, or the presence of gender harassment, physical affliction, theft and lawsuits that result in dysfunctional work environs.


Risks can come from external or internal situations. External risks are beyond the subject’s control while internal risks are within the subject’s control or domain.

• External risks may be political, economic or physical in nature. Some examples are: risk of being caught in between opposing political parties; risk of investing in the wrong market; or risks brought about by natural disasters.

• Internal risks refer to the reputation or image of the company or government; security within the organization, effectiveness of knowledge management; or the sufficiency of information for strategic decision-making processes.


Essential matters that may be exposed to risk can be tangible or intangible. Tangible items could be real properties, materiel or supplies and equipment, or people. Intangible matters, on the other hand, are reputation, program results and relationships.


Levels of ability to control the risk can be high, moderate or low. This is in direct proportion to the number of risk factors within the management of the consultant or client.

For risks-related to operations, the control capability level is usually high. For intangible matters like relationships and image, the control capacity level is moderate, while for matters that are totally beyond the control of anyone like natural disasters, control capacity level is low.


Four (4) factors should be considered in determining risk management capacity factors of an entity. These are individual, group, organizational and external factors.

Individual: knowledge, skill set, experience, and risk tolerance
Group: collective willingness to manage risks, risk tolerance level
Organizational: strategic direction, implied or manifest extent of risk tolerance
External: adverse impacts of projects, threats, conflicting claims


Risk management is the systematic approach to setting the best course of action given an environment of disorder and uncertainties. To be able to do this, potential and present risks should be identified and managed. Appropriate courses of actions must be laid down and studied; possible positive and negative outcomes predicted. The process involved in risk management is as follows:
Establish context of risk -> Identification of risk issues -> Assessment/ Understanding/ Prioritizing of risk issues -> Identify solutions to risk issues -> Communicate solutions to risk issues


The most common and most established type of risk managers is economic and financial analysts. Financial losses faced by investors, corporations, government institutions and even aid organizations are minimized or avoided.

Traditional risk management approaches generally do not apply the holistic approach. Social, cultural, economic and political roots and context of risks are not considered. Those who do are often simplistic and shortsighted, and are therefore haphazard. Such an approach does not result in long-term solutions, and would likely lead to more or bigger risks that would be harder to manage.

For companies or service organizations in risk-prone environments, risk management must be holistic, must include long-term plans. Risk management capacity and skills must be developed and improved. Risk management must eventually be integrated in its strategic planning, administration systems, and organizational structure and culture.


Integrated Risk Management is risk management assimilated in the whole framework of the organization including its culture. When employed in a continuous, proactive and systematic fashion from an organizational perspective, risk management becomes an important factor in strategic decisions to attain overall objectives.

Integrated Risk Management has four (4) elements:
Corporate Risk Profile – determines risk tolerance level of current management, external and internal environments, and risk management capacity
Risk Management Function – identification of strategic risk management direction, integration into decision-making, monitoring of specific risk management activities, development of risk management capacity of the organization
Practice or Application – identification of risk problem, identification of type of expert needed, stakeholder analysis; assessment of likely occurrence, specific areas, ranking of priority risk areas; enumeration of target results, available options & strategies, strategy implementation
Continuous Risk Management Learning - increasing risk management awareness, risk management plans and innovations


Both public and private sectors need to employ risk management measures
to ensure optimum results of their programs or projects.
• Government agencies
• Non-government organizations
• International development agencies
• International aid agencies
• UN agencies
• Foreign Investors
• Real Estate Companies
• Transport Companies
• IT Companies
• Mall Operators
• Manufacturing Firm



HOME | © 2008 RiskAsia Consulting, Inc.