Identify Risk And Apply Risk Management Process Essay


Discuss about the Identify Risk and Apply Risk Management Process.


Identification of risks

The increasing diversity of risks uncertainties is considered one of the most important factors that affects the performance organizations, impacting operations and their ability to achieve their objectives in their different operations and departments. Some of this for the BizOps business organization is discussed below.

Attracting and retaining personnel an employees: Loss of critical resources that will impact the business’ ability to deliver customer service, business results and stakeholder expectations is one of the most important risks. This kind of risks can severely affect the performance of the business. In addition to that, Rapid personnel changes at executive levels lead to gaps in ability to define and execute strategy.

Breaches in business and customer database: Risk of security breaches of business and customer data through cyber-attacks from hackers and sophisticated organizations. Gaps in control structure due to reliance on 3rd party vendors (Larson and Gray 2013). Risk of significant business impact of key systems not being available (websites, core operating systems, e-mail etc. through methods such as Denial of Service attacks and others).

Cultural difference: Differences in cultural and economic conditions between the different parts of Australia and other countries can form significant barriers possibly affect the success of the business organization.

Some other risks that are potentially strong in order to affect the business of Bizops

Lack of communication between suppliers and manufacturers

Lack of competence in supply base

Lack of resources in supply base

Political instability of supply base

Poor transportation and logistics of goods

Lack of design skill and technology at supply base

Tool and systems to monitor the risks continuously

Assessment of risk probability and their impact: This system is used to explore the probability that every particular risk that will happen and the potential impact on the business or its undertaken project, for example, plan, cost, quality or execution (negative impacts for risks and beneficial outcomes for circumstances), characterizing it in levels, through meeting or meeting with significant partners and reporting the outcomes.

Probability and impact matrix for the risks: This tool is helpful in rating risks for assist quantitative investigation utilizing a likelihood and effect framework, rating standards ought to be determined by the business organization in advance.

Assessment of the urgency of the risks: In some subjective examinations the assessment of risks rating can be joined with the risk positioning decided from the likelihood and effect lattice to give the final risk sensitivity rating (Larson and Gray 2013). Illustration of a risk requiring a close term reactions might be viewed as more pressing to address.

Risks classification/categorization: keeping in mind the end goal to decide the territories of the venture most presented to the impacts of instability. Gathering dangers by normal underlying drivers can help us to create compelling danger reactions.

Assessing risks by expert judgment: people who have involvement with comparable project in the not very inaccessible past may utilize their judgment through meetings or risk facilitation workshops in order to manage and mitigate the risks .

Risk inventory analysis


How it could happen

Consequence for the business

Existing controls in place to minimize the impact

Risk 1

(hacking in the business database)

By the intrusion of the hackers in to the database of the organization.

Loss of business and customer’s personal as well as financial data.

Lack of access policies and security mechanism

Risk 2

(cultural barriers )

Cultural barrier in different sections of the country.

Disruptions caused by changes in international, social,

political, legal and economic conditions

Hiring locals and having an effective CSR policy

Risk 3

(loss of critical resources)

Due to the lack of efficient and enough compensations the employees gets dis-satisfied.

Lack of resources

Compensation and benefits, Work/life balance, Clearly defined job descriptions and paths to promotion

Organizational procedures to document risks continually and accurately

Presently the organization uses the quantitative risk analysis process for documentation that quantifies probability and impact. That is, a numerical value is assigned and the risk assessed may be translated into terms of numbers and percentages (Larson and Gray 2013). There are many techniques adopted for quantitative risk analysis, namely, Decision Tree Analysis, Expected Monetary Value Analysis.

A Importance of finding the root for the risks

For any business organization, the risks management is meant to evaluate and take the necessary steps to increase the probability of success and reduce the likelihood of failure due to a certain risk, thus risk management specifically deals with the uncertainties inherent in any development intervention (Boud, Cohen and Sampson 2014). By identifying and evaluating the causes of the risks in the organization helps the management to better place control measures in order to be able to make informed decisions and this will lead to fewer losses and more gains.

Methods, techniques and sources of information used for the identification of the risks

Risk 1 (hacking in the business database): In case of this risk, the frequent anomalies in the business and customer data, as well as interruptions in the used applications are also can be thought as the source of information for the identification of the risks.

Risk 2 (cultural barriers): For this specific risk the Political, Economic, Sociological, Technological, Legal, Environmental (PESTEL METHOD) issues are used. Issues commonly used as a planning tool to identify and categorize threats in the external environment (political, economic, social, technological, legal, environmental)

Risk 3 (loss of critical resources): Record of issues faced and the actions taken to resolve them. Any issues that were formally identified as risks should be analyzed.

Part B


hacking in the business database

cultural barriers

loss of critical resources

Overall level of risk posed

















Implementing new policies for accessing database


hacking in the business database, cultural barriers, loss of critical resources

Control measures

Control measure



Implementation of access policies

Have different level of access and data can be secured.

Exposed to internal sabotage.

Installation of intrusion detection system

Intrusion to the data base can be detected earlier than ever.

Hiring and providing training to local employees.

Helpful in removing the cultural barriers that as obstacle in the business of the organization.

Implementing new customer retention policies and compensations

Effective use of the policies by the management of the organization.

Impact of risk on areas outside your responsibility

Customer dis-satisfaction due to the exposure of their data.

Personnel involved

Expected outcomes of the risk treatment plan

Secured database, better and improved business performance and greater market share.

Measures to evaluate the success of the risk treatment plant

Evaluation of All the Activities in the treatment Plan: It requires a thorough investigation of each activity of a risk management plan. Checking out the efficiency of all the activities and discovering the flaws in their implementation allow you to analyze the whole plan systematically.

Evaluation of the Business Environment: A thorough study and critical evaluation of business environment where a risk management plan is to be implemented is essential. Take time to assess, analyze and decide what exactly is required.

Possible Changes in inefficient Activities: After evaluating the effectiveness and efficiency of all the activities, try to make possible changes in the action plan to get desired results. It may be very time consuming but is necessary for successful implementation of your risk management plan.

Success of Changed Activities: After making changes in already existing activities and events of a risk management plan, go for a final review. Try to note down the possible outcomes of the changed activity and match them with the main objectives of the risk management plan. Go ahead in case they are in line with them.

Source of information for the measurement of the success of the success of the plan

Profitability in the business: The Risk Management program will assure that the firm maintains profit margins for risk at a level consistent with corporate goals.

Lesser risk exposure and losses due to it: The Risk Management program will assure that the firm maintains risk exposures to within corporate risk tolerances and appetites so that losses will not occur that are in excess of corporate goals.

The Risk Management program will assure that the firm avoids concentrations and achieve diversification that is consistent with corporate goals.

The Risk Management program will assure that the firm selects strategic alternatives that optimize the risk adjusted returns of the firm over the short and long term in a manner that is consistent with corporate goals.

The way available information can be used by the organization to improve the management of risks

With the available information about the risk management plan it will be easy for the management identification and evaluation of the risks that may arose in future, the next step involves the identification of alternative appropriate actions for managing these risks, the evaluation and assessment of their results or impact and the specification and implementation of treatment plans.

Since identified risks may have varying impact on the organization, not all risks carry the prospect of loss or damage. Opportunities may also arise from the risk identification process, as types of risk with positive impact or outcomes are identified.

Management or treatment options for risks expected to have positive outcome include: starting or continuing an activity likely to create or maintain this positive outcome; modifying the likelihood of the risk, to increase possible beneficial outcomes; trying to manipulate possible consequences, to increase the expected gains; sharing the risk with other parties that may contribute by providing additional resources which could increase the likelihood of the opportunity or the expected gains; retaining the residual risk.

The role of audit in monitoring and reviewing risk treatment plans

Without the audit of different risk treatment plans it is not possible find out the flaws that may not be suitable for a some specific risks. Thus may lead to

Failure to lead by example. Some people believe that risk management is busy work and resist the change. Without a consistent example by the project sponsors and project managers, team members will likely revert to their former ad-hoc methods (Boud, Cohen and Sampson 2014). How can we overcome this tendency? Leaders must set expectations, led by example, and demonstrate the value of risk management.

Failure to focus on the risks that matter. Some project managers start their projects with gusto. Their risk list is longer than War and Peace. However, no one knows which risks matter. When project managers fail to evaluate and prioritize risks, team members become overwhelmed and fail to take action. Be sure to prioritize the risks.

Failure to right-size risk management. Some project managers get a risk management plan template from their Project Management Office (PMO) or a project manager, and they never adapt the plan for their project. Consequently, the plan may have too much content for smaller projects or too little for larger projects. Work with your project teams to develop plans that fit the projects.

Failure to develop risk management habits. Some teams identify and evaluate risks, but they fail to continue the process. Projects are not static; things change. Teams must develop a habit of reassessing risks and modifying response plans in order to manage risks effectively.

Failure to identify risks early. Some project managers wait until things are out of control before they exercise risk management. Identify and evaluate risks early in new projects.

Failure to involve high-power / high-interest stakeholders. Powerful stakeholders have a way of showing up late in the game and disrupting project flow. These people have no evil intent. Once they discover the project, they seek to minimize impact to their interests. Identify, engage, and communicate with key stakeholders early and consistently.

Failure to be transparent. There are times when it’s appropriate to withhold information. When possible however, make your risks known. Share the risks with your team and the stakeholders. Ask for their help.

Thus, by auditing the used risk treatment plan, it can be said that as it is a continuous improvement process and is a part of the risk management process (Boud, Cohen and Sampson 2014). The audit in the organization Supported throughout the organization through positive, apparent responses

Through the audit process it should examine all the results of risk management activities, and this should be a key and continuous part of the risk management process. Continuous review and improvement relies on good communication.

It also relies on people who understand and accept the need for risk management processes. For the top level management it is important that they provide appropriate training and support to your team for the risk management processes that they are involved in.


Boud, D., Cohen, R. and Sampson, J. eds., 2014. Peer learning in higher education: Learning from and with each other. Routledge

Fleming, Q.W. and Koppelman, J.M., 2016, December. Earned value project management. Project Management Institute.

Kerzner, H., 2013. Project management: a systems approach to planning, scheduling, and controlling. John Wiley & Sons.

Larson, E.W. and Gray, C., 2013. Project Management: The Managerial Process with MS Project. McGraw-Hill.

Mir, F.A. and Pinnington, A.H., 2014. Exploring the value of project management: linking project management performance and project success. International journal of project management, 32(2), pp.202-217.

How to cite this essay: