1

Risk Management

2
 What is a Risk?

• A risk is ANYTHING that may affect the

achievement of an organization’s objectives.

OR

• It is the UNCERTAINTY that surrounds future

events and outcomes.

• An example of risk related to our organization is

the power outage.

3
 Types of Risks
Human Risks Natural Risks Technical Risks

Fraud Floods Hardware Failure

Theft Fires Software/App Failure

Human Error Earth Quick Lack of Technical Skills

Employee leaves company

4
 Risk Management

• The process involved with identifying, analyzing,

and responding to risk.

• Risk management is important in an organisation

because without it, a firm cannot possibly define
its objectives for the future.

5
 Goals of Risk Management

• The main goal of risk management is to make sure

that the company only takes the risks that will
help it achieve its primary objectives while
keeping all other risks under control.

• Reduction in material and property damage.

• Reduction in serious injuries and fatalities.

6
 Ways to handle risk

• Mitigate risk - To reduce its impact or exposure

• Ignore risk - To do nothing at all

• Transfer risk - Have an outside authority handle

your risk for you

7
 Phases of Risk Management

• Risk Identification

• Risk Assessment

• Risk Mitigation

• Risk Monitoring/Control

8
Risk Identification

• In this phase we should identify all the potential

risks that affect our business
• It is best done in a group environment.
• Wide number of people participate in this process
including:

Management, Employees, Customer, Other Stake

holders

9
Risk Assessment

• In the risk assessment phase, you take the recently

identified risks and prioritize them based on
damage impact.

• An example of a risk matrix may include:

HIGH, MEDIUM, LOW or CRITICAL, MAJOR,

MINOR

10
Risk Mitigation

Taking steps to reduce the effect of risk.

 Types of Risk Mitigation are:

• Risk Avoidance
• Risk Acceptance
• Risk Limitation
• Risk Transference

11
 Risk Avoidance
• In risk avoidance we completely eliminate the possibility of
the risk.
Example:
• Adopting a proven approach instead of a new approach

 Risk Acceptance
• Accept the risk if no action is feasible or
• If the impact is too small
• A company that does not want to spend a lot of money on
avoiding risks that do not have a high possibility of
occurring will use the risk acceptance strategy.

12
 Risk Limitation
• This strategy limits a company’s exposure by
taking some action.
Example:
• An example of risk limitation would be a company
accepting that a disk drive may fail and avoiding a
long period of failure by having backups.

 Risk Transference
• To transfer the risk to a third party.
Example:
• Insurance

13
 Risk Monitoring/Control

• Remember that all risk can never be completely

eliminated. It can only be managed.

• A procedure must be put in place to ensure that

risk is properly managed.

• Newly evolved threats are always appearing which

is therefore crucial to make a Risk management
plan a permanent law.

14
 Conclusion

Risk management is an integral competency of a

mature company.

15
16