Dr. Miranda has a DBA in International Business, and is an author and instructor of international business and risk management.
In the universe of business, risk is an everyday reality. At some point in your career, you will need to make a business decision that involves risk. In this course, we will examine how you can use risk analysis tools to help you effectively deal with risks.
Risk is fundamentally made up of two parts: the probability of something going wrong and the negative consequences of that failure. Failures can be caused by people, processes, systems, or events. While there are also positive risks, for the purpose of this lesson, we'll focus on negative risk.
Risk analysis identifies and manages the potential risk that can cause serious problems in your business. The goal of risk analysis is to identify your business's assets and value, identify threats to or any vulnerability in your business, quantify the probability of and impact of threats to your business, and provide an economic balance between the effect of the threat and cost of mitigation of the threat.
Risk Analysis Techniques
The first step in risk analysis is to understand risk context. Since risk doesn't exist in a vacuum, understanding risk in the context of organizational dynamics is important. You should consider the following questions before identifying risk:
Which areas of your company's strategic plan is supported by your business unit?
What are your business unit's strategic goals?
What are the critical services, products, or functions provided by your business unit?
What are the areas of internal/external dependencies or impact of your business unit?
The next step is to identify particular risks to your business. Generally, risk is categorized as follows: human, operational, reputational, legal, market, credit, procedural, technology, political, systemic, country, foreign exchange, and natural. Focus on risks that have the greatest probability to impact your business.
Process mapping is an effective visual tool to identify particular risks in your processes. In a process mapping diagram, you should identify the risk, assign a risk rating (high, medium, low), and provide a control, either to prevent failures from happening or detect them after they occur. Using industry software, you could automate the risk identification and control function within process mapping. Other tools that can help you identify risks to your businesses are SWOT (strength, weaknesses, opportunities, threats) analysis, scenario analysis, and failure mode and effects analysis.
Once you identified the risks to your business, you will need to quantify the risks. To do so, assign a probability of those events happening and the likely cost to fix them. The following formula is used to assign a financial value to a risk: Risk Value = Probability of Event x Cost of Event. For example, your export client called and said that he estimates that there is an 80% chance that his country will raise their tariff on vehicles. You estimate that the raising of tariffs on vehicles will cost you $500,000. So, the formula would be 0.80 (Probability of the Event) x $500,000 (Cost of the Event) = $400,000 (Risk Value). The risk value of $400,000 is high, so now you can now determine how to manage this risk.
There are several options to manage risk. Let's look at some of these now.
Over 79,000 lessons in all major subjects
Get access risk-free for 30 days,
just create an account.
First is avoiding risk. Run a cost/benefits analysis of the cost of the risk and mitigation. If the risk is too high or the cost of mitigating the risk outweighs the benefits, the best option is to avoid the risk. You could use an annualized loss expectancy (ALE), or the projected financial loss of an asset over a one-year period. For example, you own a business. You need to decide if the migration to a new server is an acceptable risk. Your current server generates about $500,000 a year. You determine a chance of being hacked to be 25%. Based on recent industry data, you determine three potential hacking incidents the first year. That is $500,000 x 25%. Then calculate 125,000 x 3. The ALE is $375,000. The potential risk to migrating to the new server is quite high.
You could also accept the risk, which is acceptable when the potential loss is less than the cost of risk mitigation, or the potential profits justify the acceptance of the risk. For example, you need to decide if a security service is cost-effective as the means to mitigate for the risk of being hacked. Your current server generates $100,000 a year. You estimate a 25% chance of the server being hacked the first year. The single loss expectancy is then 25% x 100,000 = $25,000. You could lose up to $25,000 in contracts if your server is hacked once. The yearly security service will cost you $150. The risk and cost of mitigation are acceptable. If you choose to accept the risk, continual monitoring and testing are essential to minimize negative impacts on your business or process. Key risk indicators (KRI) and/or a risk and control self-assessment (RCSA) are effective tools you should consider.
Another option is to share the risk with another department or with another company. The use of third-party services is a good risk management strategy.
Risk analysis can assist you in identifying, monitoring, and mitigating potential risks that can impact your business. The first step in risk analysis is understanding risk in the context of your organization and your business unit. A deep understanding of corporate and business unit dependencies is needed to identify the risk type unique to your business unit. The next step is identifying risks. Process mapping is a powerful tool that can visually aid in the identification of risk type, severity, and mitigating controls. The identification of risks is a very important step because it will help you determine the risks that need special attention.
After risk identification, you proceed to the quantification of the risk. Monetary value is assigned to the probability of the risk event. This step will help you decide how you will mitigate the risk or if you should mitigate the risk at all. The cost of some risks can be quite high while others can be low. Also, there are costs to mitigation of the risk and those vary in degree. Several options are available in risk mitigation. You can choose to reject the risk, share the risk, or accept the risk. Understanding the impact of each choice will assist you in making the optimal choice for your business.
Did you know… We have over 200 college
courses that prepare you to earn
credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the
first two years of college and save thousands off your degree. Anyone can earn
credit-by-exam regardless of age or education level.