Understanding and quantifying risk as a means of improving decision making, prioritisation and control What is Risk? Risk is a condition in which there is uncertainty about the outcome of a particular future event — such as the length of a project, how many units of a new product will be sold or how interest rate changes over the next 5 years will impact an investment portfolio. Risk is normally equated with the adverse consequences of an outcome, but because risk deals with uncertainty, outcomes may actually turn out to be better than expected and represent opportunities for organisations. Indeed, controlled risk-taking is key to an organisation meeting its objectives. Risk applies to all types of organisation and activity, so understanding risk as a range of possible outcomes influenced by different variables contributes to better decision making and improved prioritisation. Furthermore, taking action to control risk means that an organisation will be better placed for minimising downside impacts and exploiting any upside opportunities. Risk can be described as objective or subjective forms and can originate at any level in the organisation and its business cycle — strategic/corporate/commercial/financial, business change, project and operations — all which must be addressed. ^ top of page How is Risk Assessed? Risk, together with costs and benefits are the three fundamental business variables that a business manager must control and take into account when taking decisions. Risk is assessed as part of a two stage process: Stage 1: Risk analysis involves the statistical identification, estimation and evaluation of risks in both qualitative and quantitative terms. Each risk is defined by specific attributes or parameters and once defined, can be categorised and prioritised to give a management focus Stage 2: Risk management involves implementing cost-effective ways to control the risk and optimise the chance of a desirable outcome. ^ top of page The AiM Approach to Risk Assessment AiM follows a structured approach to assessing risk, geared to the type of risk under scrutiny, whether the required analysis is simple deterministic or complex stochastic in nature, and the type of organisation. This approach comprises: - Undertaking an initial review, selecting the analytical tool/method, calibrating the tool and ascertaining the organisation’s attitude to risk.
- Holding risk identification sessions with subject matter experts.
- Building a risk and governance model, setting risk policy, documenting risks, estimating and evaluating risks, and setting priorities.
- Implementing and reviewing risk controls.
- Reviewing risks and the effectiveness of controls.
Risk assessments must be regularly repeated as risks will change over time. We find that the implementation of a management of risk framework, a risk policy and risk ownership at all decision-making levels in an organisation are the best ways to identify, evaluate and mange risks on an ongoing and committed basis. ^ top of page Benefits from using AiM - Qualified risk management practitioners
- Risk assessment specialists providing risk modelling and problem solving expertise in all industries and business scenarios
- Application of sophisticated risk models, tools and techniques which rapidly allow the best course of action to be evaluated
- Experience in corporate governance controls, standards such as COBIT and COSO, and risk related legislation/regulations such as Turnbull, Flint, Sarbanes-Oxley and Basel II
- Application of a risk-based approach to other areas of activity - business continuity, health & safety, programme/project management and ICT operational management
- Trainers and workshop facilitators in risk assessment and results interpretation.
AiM applies a range of industry standard risk assessment models, methods and techniques to address all scenarios — quantitative finance, business case development, marketing, programme/project management, supply chain, security and business continuity. These include: - Monte Carlo simulation, sensitivity analysis, scenario analysis, stress analysis, solution optimisation (genetic algorithms), input variable correlation
- Decision analysis, fault-tree analysis, risk transfer
- SWOT, cost-benefit analysis, IRR, EFQM, GQM
- Critical path, PRINCE2®, PRAM, MSP, PERT, BS6079, insurance premium method, PESTLE
- M_o_R® framework, risk registers, cause and effect diagrams, COSO ERM, Six Sigma, ISO/IEC Guide 73
- BIRA, BS 7799, PAS 56, CRAMM, ITIL® , HAZOP
^ top of page |
