Risk Management – Essential and Complete Corporate Governance System

Risk management is a known element of an essential and complete corporate governance system. It is defined as a mix of activities that effectively reduce the negative impact of risk exposure on the company’s projected profits, cash flow, and consequently, the value of the organization. Effective risk management is regarded as an important factor that determines the survival and success of an organization.

While risk management is not a new concept, it has recently garnered attention and become moreassertive in the supply chain sector.

According to the 2013 Polish Journal of Management Studies by Ennouri W, the topic of risk management in the supply chain has been widely addressed since 2003. The risks identified in 2003 can be categorized as follows.

• Calculated Risk: Influences the business action plan and overall implementation.
• Operations Risk: Impacts a company’s internal strength to produce and supply goods and services.
• Supply Risk: Critically influences the internal flow of an asset, allowing tasks to proceed.
• Customer Risk: Influences the probability of clients placing orders, factoring in elements such as item obsolescence, and market risk.
• Asset Unfit Risk: Decreases the usability of an asset, which can emerge when the asset’s income-generating ability is reduced.
• Competitive Risk: Affects the company’s ability to differentiate its products/services from its competitors.
• Reputation Risk: Erodes the value of the entire business due to a loss of credibility.
• Financial Risk: Exposes an organization to potential loss through changes in financial markets.
• Fiscal Risk: Emerges through changes in taxation.
• Regulatory Risk: Exposes the company to changes in regulations that affect the organization’s business.
• Legal Risk: Exposes the firm to potential litigation arising from clients, suppliers, shareholders, or employees.

Concept of Risk:

Risk is an indeterminate event or condition that, if it occurs, can have a positive or negative impact on a project’s objectives. Although the concept of risk often incorporates both positive and negative effects, the tools that are developed only measure and assess risks, or the negative effects. Any opportunities, the positive effects, are often overlooked in tool development. Identifying and leveraging opportunities provided by the market is as crucial as identifying and avoiding potential risks. While recognising and avoiding risks can help avert or reduce future losses, identifying and acting on opportunities facilitate profit maximisation.

Risk Management Plan and Process:

Risk Management is a continuous procedure that proceeds throughout a project’s lifecycle. It includes processes for risk management planning, identification, analysis, monitoring, and control. Many processes are updated throughout the lifecycle as new risks are identified. The goal of risk management is to reduce the likelihood and impact of events adverse to the project and, on the other hand, any event that may have a positive impact.

The purpose of risk management is to ensure levels of risk and uncertainty are identified and then properly managed according to the plan. This will help ensure that a potential risk to the delivery of outputs (level of resourcing, time, cost, and quality) and the realization of outcomes/benefits by the Business Owner(s) is appropriately managed for the project to be completed successfully.

The risk management process is “the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating risk”.

Risk Management Steps:

• Operational Risks: Operational risks affect the everyday tasks of an organization. These may include Human Assets, Processes, Technology, Sales, and Safety.
• Legal Risks: Legal risks impact the legal position of the organization. Compliance with these risks affects the legal and organizational requirements of the organization.
• Market Risks: Market risks impact the standing of the organization in the market in which it operates. These risks affect the value of an investment due to the risk and influence of market forces.
• Credit Risks: Credit risks impact the credit ratings or credit standing of the organization.
• Actuarial Risks: The risk lies in the assumptions that actuaries incorporate into a model to price a specific insurance policy or rating model, which may prove incorrect or somewhat inaccurate.
• Financial Risks: The risk that returns on an investment will be different than anticipated.
• Miscellaneous Risks: Various other risks that impact the organization’s ability to operate in some way.

Assigning Risk Action:

A Risk Action Plan portrays how the group will implement the organization’s preferred treatment options to manage the identified risks. After completing the Risk Register, it is helpful to determine where the workshop risk can be reduced and minimized through additional management strategies. This is known as a Risk Action Plan.

For a Risk Management Action Plan to be effective, it should contain specifics, including identifying risks upfront, analyzing how risks will impact a project, potential risk planning, and monitoring risk. Monitoring risk is performed by controls set within the Risk Management Plan.

An Integrative Contingency Model of Software Project Risk Management:

Over the years, several aspects of software project risk management have been studied using a variety of approaches. Since the 1970s, both academics and practitioners have written about the dangers associated with overseeing software projects. Unfortunately, much of what has been written on risk relies either on anecdotal evidence or on studies limited to a narrow segment of the development process. In a recent literature survey, empirical studies on software risk management published during the 1978-1999 period were analyzed for their content, research purpose, research timeframe, theoretical foundations, and research approach. This study revealed a field rich in approaches, ranging from action research and case studies to surveys and lab tests.

Despite these strengths of past research, certain weaknesses were also identified. One weakness stems from the fact that while software risk management studies have examined various aspects of software risk management (e.g., the nature of risk itself and its antecedents, risk analysis methods, risk management heuristics, risk resolution strategies, management interventions, or achievement of goal levels), the relationships between the various research constructs have been weakly examined. Another weakness is related to the research purpose (i.e., discovery versus testing) of the studies examined. More than two-thirds of the 34 reviewed articles had a discovery rather than a testing focus. In addition, only five articles, drawn from two studies, tested a priori hypotheses that incorporated more than two variables related to software risk management. Another significant weakness relates to the prevalence of only a single data collection period, with 25 of the 34 studies having collected data at a single point in time.

The diversity of software risk management studies and their related weaknesses point to a relatively scattered literature where empirical studies of a more integrative nature are needed. The present study is an effort in that direction. Adopting an information processing perspective of organizations and drawing both from research in software project risk management and from the contingency perspective research stream in organizational theory, this paper develops an integrative contingency model of software project risk management. The central hypothesis of the model is that the performance of a software development project is influenced by the fit between the project’s level of risk exposure and its project management profile. Using a profile deviation perspective of fit, this hypothesis is tested for a specific project management profile, one that is characterized by the levels of internal coordination, formal planning, and customer involvement used in managing a project.

Risk Exposure:

In general risk literature, the likelihood of an unacceptable result is termed as “risk”, while “risk exposure” is defined as this probability multiplied by the potential loss of the unsuitable result. It is important to note that this paper has adopted this latter definition. In certain contexts, the probability of occurrence of an undesirable result can be assessed based on the past performance of the object under scrutiny.

Risk exposure is assessed with the measure proposed, which is replicated in the Appendix for the reader’s convenience. Accordingly, project characteristics that increase the probability of project failure are presented.

Risk Identification:

Risk identification involves determining which dangers are likely to affect the project the most. It includes identifying threats that can lead to project outputs being delayed or reduced, costs becoming accelerated or increased, and output quality (suitability for the purpose) being reduced or compromised. For most large and complex projects, multiple high-level risks should be identified during the project initiation stage. These should be used as the basis for a more thorough analysis of risks in the project.

Risk Review:

Review and monitoring should be a planned part of the risk management process that includes continuous checking or observation. The outcomes ought to be recorded and revealed both externally and internally. Responsibilities for monitoring should be clearly defined.”

Did you like this example?

519

27