HOW TO IDENTIFY AND MITIGATE RISKS


“The term risk management refers to a set of processes through which an organization identifies, analyzes, quantifies, mitigates and monitors the risks associated with its activity”.

First of all, a risk management system must be in place. It is important to have or implement policies or procedures that define risk management guidelines, so that risk management covers processes as well as individual projects or activities, becomes an integral part of the organization, and allows everyone to identify and control risks.

The system addresses the risks or opportunities that may arise from internal or external events related to the context of the company. In this phase, the following are identified: the resources involved (roles and responsibilities of people in relation to the risks), the tools to be used to analyze the risks, the scales to measure them, and the follow-up times with the mitigating actions to be implemented.

RISK IDENTIFICATION

It is important to identify all the fixed or variable factors that must be controlled; therefore, the system to be monitored must be identified. Why is the concept of system important? Because it allows us to define:


“Scope of the planned activity; any regulatory, technological or economic restrictions; the possibility of dividing the system into subsystems to better understand their interaction and the consequences that modifying one of them would have on the system as a whole; all interactions with other external systems; and the presence of possible cases that have already occurred, with the consequent application of the solutions already adopted.”

This phase can be constructed using a variety of methods, including:

  • Specific questionnaires: for example, a questionnaire that collects all the information related to a specific treatment of personal data, in order to identify the best protection for the affected people based on the identified risks or the need to carry out a DPIA;
  • Control lists (checklists): that is, risk lists preloaded from previous experiences, which on the one hand speed up the analysis but on the other hand carry the risk of focusing only on the risks they contain;
  • Brainstorming: once all the ideas have been collected, it can lead to the formulation of a common document;
  • The SWOT matrix: used to identify strengths, weaknesses, opportunities and threats.

RISK ANALYSIS

After collecting all the risk factors, we analyze them one by one. In mathematical terms, risk can be defined by the simple equation R = P × D, according to which risk combines the probability (P) that a specific event occurs with the severity of the damage (D) it causes. Whether considered in its negative (threat) or positive (opportunity) definition, the combination of these two factors will always have an impact on the system we are considering.


Simple but effective, in my opinion: given an event, the equation measures the probability of that event and its severity. For each factor, we identify a measurement scale and, where possible, assign an interpretation to its numerical values (for example, a low probability value can mean that, for the event to occur, the conjunction of several exceptional events would be needed; a severity equal to 1 can mean that the event, if it occurred, would have no impact on the system in question).

WHAT ACTIVITIES CAN A COMPANY PERFORM TO REDUCE THE RISKS IT FACES?

We assume that the risk is given by the combination of the 3 components:

  • Probability (chance)
  • Severity (impact) of the consequences of an event that causes or is likely to cause harm (where harm also means loss of opportunity)
  • Vulnerability

Identification and evaluation are the first two decisive phases for the next management phase: it is much more important to correctly identify the risks and the triggering cause.

Once potential risks are identified, you can measure and assess your vulnerability, understand your risk profile, and decide how to allocate risk management resources effectively. More consistent prediction of the frequency/impact of damaging events ensures better risk management and therefore lower risks, lower costs and higher value for the business.

Vulnerability: understood as a weakness that can allow threats to affect assets.

Therefore, it is necessary to identify vulnerabilities or weaknesses.

Examples of vulnerabilities:

  • Unauthorized access
  • Natural events
  • Food instability
  • Terrorist activity
  • Dependence on a person
  • User or operator errors
  • Fire
  • Resource theft

Quantify vulnerabilities:

Vulnerability levels are calculated based on currently existing countermeasures. The risk analysis process must identify the weaknesses and their scope.

The fact that there may be unique interactions between threats and vulnerabilities, and multiple mutual interactions between them, creates the concept of aggregate risk, which is nothing more than the sum of the sub-risks that affect each individual vulnerability. Therefore, the risk analysis process tends to identify all the risks that threaten the process of achieving the objectives in order to move on to the next step.

The various mitigation strategies therefore intervene in these three main elements and can be grouped into four main approaches:

  • Avoid the risk: In this case, the company decides to avoid the risk by refraining from the activity that could cause it. Obviously, this method has serious limitations, mainly because it gives up the benefits that the business could bring.
  • Reduce the risk: thanks to the knowledge of its risks, the company can define a series of activities that reduce the probability or impact of the risk. Risks can be reduced by establishing standard operating procedures, defining and implementing staff training and education activities, and implementing security methods (e.g. duplication of documents, selection of suitable locations, preventive maintenance, etc.).
  • Transfer the risk: by risk transfer we do not mean the physical transfer of the risk itself, but rather the use of insurance coverage that covers the economic consequences derived from the realization of the risk in the event of an accident. It goes without saying that this procedure can only be implemented if the risks covered are very rare and of limited importance, otherwise the transfer would not be economically viable.
    This type of approach can be a double-edged sword: the company steps in by transferring the risk, often thinking that it no longer has to bear it. On the other hand, the combination with other risk treatment methods is essential, in particular reduction, which allows reducing transfer costs as well as possible losses in the event of the harmful event.

  • Retain the risk: by risk retention (deductible risk), we understand the situation in which the company refrains from any intervention and assumes all the consequences of the harmful event that has occurred. Depending on the case, it represents a more or less justified corporate policy choice and is generally limited to risks whose probability of occurrence and impact are low.

When it comes to non-transferable risks, risk retention becomes an obligation. These are risks that cannot be transferred, either due to a lack of coverage in the market or because the effort involved is so great that transfer is effectively prevented.

Conclusion

Of course there is no single good strategy, but what matters is that everything is done knowingly, after having clarified all the processes that are put in place on a daily basis and the associated risks. This is the only way to know the costs and benefits of each choice and to minimize unpleasant and unwanted "surprises".

 
