BMA: Chapter 16

Risk

is an uncertain event or condition, which, if it occurs, has a positive or negative effect on a project’s objective

Risk management

the proactive actions taken to identify and manage internal and external threats or actions that could negatively impact on the ability of the organisation to be successful

Enterprise risk management

The process of planning, organising, leading, and controlling the activities of an organisation to minimise the effects of risk on an organisation’s capital and earnings

International Organisation for Standardisation (ISO)

risks affect organisations and can have consequences in terms of economic performance and professional reputation as well as environmental, safety, and societal outcomes

Risk management process

Anaylse and establish the context

Risk assessment

Risk treatment

Monitoring and reviewing

Communication and consultation

Anaylse and establish the context

Get a better understanding of the background of the organisation as well as the current situation that the organisation is facing

Risk assessment

Risk identification: The objective of risk identification is to identify the risks to the business and the opportunities

Risk analysis: The objective is to assess the risks and the opportunities to the organisation in terms of their probability (likeliness) and impact (positive and/or negative

Risk evaluation: Get an understanding of the individual risks and opportunities so that we can see the total impact when they are combined as well as their true net effect.

Risk treatment

to plan specific management responses to both the threats and opportunities identified during the risk management process

Monitor and review

React to early warning indicators to warn managers of the need to make risk management interventions, review whether the risk owners are implementing the responses for which they are responsible

Communication and consultation

to develop plans for communication and consultation at the outset of the risk management process

External risk communication

External reporting complies with legal, regulatory, and government requirements; furthermore, reporting should be timely, accurate, and complete

Internal sources of enterprise risk (define pg. 529)

Healthy and safety risk

Financial risk

Ethical risk

Operational risk

Project risk

Technological risk

External sources of enterprise risk (define pg. 539)

Political risk

Environmental risk

Economic risk

Legal risk

Market risk

Social risk