1- Preparing the interior for risk management:
This activity aims to build readiness and acceptance to streamline the risk management process in the organization. This activity increases the level of awareness of the employees in the risk management in the organization to serve as a solid basis for deploying the following processes. At this stage, the philosophy of risk management in the organization and the need for managers’ risk orientation are explained by senior management and their professional and ethical requirements are formulated. At this stage, risk management training is established and with proper organization, authority and accountability are identified.
The organizational risk management process is intertwined with the strategic management process in the organization. Since the uncertainty areas of the business environment of organizations are very wide, risk analysis of all these areas is neither possible nor useful, so risk management is usually done in areas that are strategic in the analysis of the organization. In other words, risk management is at one stage used as a way of identifying opportunities and threats to the organization as one of the strategic management processes and at another stage of the strategic management process, as a tool for achieving An organization’s confidence in achieving its strategies is used. Since risk management is based on event analysis, risk identification and impact assessment and is somehow based on scenario analysis, it can provide greater depth for strategic and internal environmental and organizational analytics. Increase their accuracy.
Another concept that emerges from the confluence of organizational risk management and strategic management processes is the concept of risk tolerance. Each of the organization’s quantified strategic goals is within acceptable range, and if the results of the midterm objectives monitoring measure the results within the tolerance range, the organization’s managers must take appropriate action to achieve the relevant goal, Ensure that this exposure is planned and implemented in the organizational risk management process.
3- Identifying risk events:
In the term of corporate risk management, events are events that originate from the environment and the internal environment of the organization and affect the achievement of strategic goals. These effects will be positive in some cases and negative in others. At this point, the risk analyst management reviews and collects environmental and internal uncertainties, no matter how likely they are to occur or how they will affect them. These events range from visible to very ambiguous situations and identify these events by focusing on the strategic goals of the organization. Event identification helps organizational risk analysis to be scenario-driven, and the dynamics of the analysis resulting from this attribute leads to greater accuracy of the strategic review of the organization, as each event can affect different approaches and achieve the organization. To influence its strategy. Areas where events can originate include macroeconomic, natural and environmental, social, political and technological. In the advanced case, the organization can use forward-looking models for risk analysis of events.
4. Risk assessment:
Risk assessment allows the organization to analyze the extent and severity of each of the contingent impacts of business environment uncertainty on its strategies. In most methods, risk assessment is based on two components of probability (like hood, probability) and severity (impact, severity) and usually on the basis of a combination of quantitative and qualitative methods. At this stage, the different scenarios of the positive or negative impact of the events are examined and the outcome of the risk assessment is compared with the tolerances intended for the strategic purposes. Various methods and patterns such as Benchmarking, Probabilistic Models, Non-Probabilistic Models, Failure Mode and Impact Analysis (FMEA), etc. have been developed in the risk assessment phase. Can be used.
5. Exposure Method:
The most important link in the organizational risk management chain is proper risk analysis. The ways in which an organization should ensure that the harmful effects of risk aversion are mitigated or eliminated or opportunities arise from the uncertainties of the business environment. Risk exposure methods are generally classified into four categories: avoidance, mitigation, transfer and acceptance.
5.1 Avoidance: Avoidance of activities that cause the event and the risks of the relevant scenario or the abandonment of the strategic objectives that come from taking a particular risk. This exposure can be related to the organization as a whole, product line or geographic area.
5.2 Reduction Exposure: Decisions taken to reduce the likelihood of occurrence or severity of the risk of an event occurring with a particular scenario.
5.3 Exposure to Transfer: Measures that reduce the likelihood of occurrence or severity of risk resulting from the transfer of a share of risk to another organization or individual, such as insuring the organization against a specific event.
Risk Acceptance: No action is taken to ensure that the organization is impacted by the risk with the probability and severity of the impact.
Naturally, the way to deal with the strategic risks (opportunities) is to accept them and expose the organization to scenarios through which the goals of the organization may be studied. But in the case of negative risks, it is usually the risk range of the organization based on the severity and probability of each risk and cost analysis.