Markets and publics are more and more sophisticated these days. Internal and external stakeholders have learned to set expectations from the government and private sectors in the hope of truly uplifting their general living conditions. When ignored, some publics take matters into their own hands, impose dangers and threaten the government or private sector. As a preventive or counter measure, the government and private sector alike must continually innovate and ensure effective service to their publics.
Contrary to common belief, risk management is not simply the analysis of possible losses. Risk management also refers to directly addressing the hazards already encountered with a solution-oriented, win-win mindset. The prevention of further risks and mitigation of existing risks are primary objectives.
While risk is easily associated with negative outcomes, responsible risk-taking or risk management brings about opportunities.
RISK ENVIRONMENT SCAN
Four (4) components should be considered in scanning the risk environment: types of risk, sources of risk, matters at risk, and control capability level.
TYPES OF RISK
• Financial Risk: cash, credit, and negotiable instruments
• Physical Risk: land, building, and equipment
• Human Risk: knowledge, skills and commitment of people
• Intangible Risk: reputation, image, brand equity and information
• Policy Risk: inappropriate and invalid policy design
• Operational Risk: inappropriate and invalid policy implementation
• Fiscal Risk: fund mismanagement with inappropriate expenditure and revenue control
• Reputation Risk: loss of public trust impairing operations
• Business Risks: may pertain to ownership of assets; procedural risks in the usage of assets; and
behavioral risks of human assets
Ownership risks could come from external threats like labor group appeals, competitive strategies, natural or man-made physical disasters, political, economic and even technological threats to asset management.
Process risks are hazards, productivity losses resulting from fraudulent transactions, errors and omissions in documentations and reporting.
Behavioral risks focus on productivity losses stemming form human resource issues. These could refer to underutilization of human assets, job displacement, underemployment, poor leadership, corruption and nepotism practices, or the presence of gender harassment, physical affliction, theft and lawsuits that result in dysfunctional work environs.
SOURCES OF RISK
Risks can come from external or internal situations. External risks are beyond the subject’s control while internal risks are within the subject’s control or domain.
• External risks may be political, economic or physical in nature. Some examples are: risk of being
caught in between opposing political parties; risk of investing in the wrong market; or risks
brought about by natural disasters.
• Internal risks refer to the reputation or image of the company or government; security within the
organization, effectiveness of knowledge management; or the sufficiency of information for
strategic decision-making processes.
MATTERS AT RISK
Essential matters that may be exposed to risk can be tangible or intangible. Tangible items could be real properties, materiel or supplies and equipment, or people. Intangible matters, on the other hand, are reputation, program results and relationships.
CONTROL CAPACITY LEVEL
Levels of ability to control the risk can be high, moderate or low. This is in direct proportion to the number of risk factors within the management of the consultant or client.
For risks-related to operations, the control capability level is usually high. For intangible matters like relationships and image, the control capacity level is moderate, while for matters that are totally beyond the control of anyone like natural disasters, control capacity level is low.
RISK MANAGEMENT CAPACITY FACTORS
Four (4) factors should be considered in determining risk management capacity factors of an entity. These are individual, group, organizational and external factors.
Individual: knowledge, skill set, experience, and risk tolerance
Group: collective willingness to manage risks, risk tolerance level
Organizational: strategic direction, implied or manifest extent of risk tolerance
External: adverse impacts of projects, threats, conflicting claims
RISK MANAGEMENT MEASURES
Risk management is the systematic approach to setting the best course of action given an environment of disorder and uncertainties. To be able to do this, potential and present risks should be identified and managed. Appropriate courses of actions must be laid down and studied; possible positive and negative outcomes predicted. The process involved in risk management is as follows:
Establish context of risk -> Identification of risk issues -> Assessment/ Understanding/ Prioritizing of risk issues -> Identify solutions to risk issues -> Communicate solutions to risk issues
TRADITIONAL VS. HOLISTIC RISK MANAGEMENT
The most common and most established type of risk managers is economic and financial analysts. Financial losses faced by investors, corporations, government institutions and even aid organizations are minimized or avoided.
Traditional risk management approaches generally do not apply the holistic approach. Social, cultural, economic and political roots and context of risks are not considered. Those who do are often simplistic and shortsighted, and are therefore haphazard. Such an approach does not result in long-term solutions, and would likely lead to more or bigger risks that would be harder to manage.
For companies or service organizations in risk-prone environments, risk management must be holistic, must include long-term plans. Risk management capacity and skills must be developed and improved. Risk management must eventually be integrated in its strategic planning, administration systems, and organizational structure and culture.
INTEGRATED RISK MANAGEMENT
Integrated Risk Management is risk management assimilated in the whole framework of the organization including its culture. When employed in a continuous, proactive and systematic fashion from an organizational perspective, risk management becomes an important factor in strategic decisions to attain overall objectives.
Integrated Risk Management has four (4) elements:
• Corporate Risk Profile – determines risk tolerance level of current management, external and
internal environments, and risk management capacity
• Risk Management Function – identification of strategic risk management direction, integration
into decision-making, monitoring of specific risk management activities, development of risk
management capacity of the organization
• Practice or Application – identification of risk problem, identification of type of expert needed,
stakeholder analysis; assessment of likely occurrence, specific areas, ranking of priority risk areas;
enumeration of target results, available options & strategies, strategy implementation
• Continuous Risk Management Learning - increasing risk management awareness, risk
management plans and innovations
WHO NEEDS RISK MANAGEMENT
Both public and private sectors need to employ risk management measures
to ensure optimum results of their programs or projects.
• Government agencies
• Non-government organizations
• International development agencies
• International aid agencies
• UN agencies
• Foreign Investors
• Real Estate Companies
• Transport Companies
• IT Companies
• Mall Operators
• Manufacturing Firm