...failure of risk management: a book review with 7 comments Introduction Any future-directed activity has a degree of uncertainty, and uncertainty implies risk. Bad stuff happens – anticipated events don’t unfold as planned and unanticipated events occur. The main function of risk management is to deal with this negative aspect of uncertainty. The events of the last few years suggest that risk management as practiced in many organisations isn’t working. A book by Douglas Hubbard entitled, The Failure of Risk Management – Why it’s Broken and How to Fix It, discusses why many commonly used risk management practices are flawed and what needs to be done to fix them. This post is a summary and review of the book. Interestingly, Hubbard began writing the book well before the financial crisis of 2008 began to unfold. So although he discusses matters pertaining to risk management in finance, the book has a much broader scope. For instance, it will be of interest to project and program/portfolio management professionals because many of the flawed risk management practices that Hubbard mentions are often used in project risk management. The book is divided into three parts: the first part introduces the crisis in risk management; the second deals with why some popular risk management practices are flawed; the third discusses what needs to be done to fix these. My review covers the main points of each section in roughly the same order as they appear in the book. The crisis in risk management There...
Words: 3167 - Pages: 13
...LEAN PROJECT MANAGEMENT Assessment of project risk management processes NEUS ALCARAZ BOSCÀ Master of Science Thesis Stockholm, Sweden 2012LEAN PROJECT MANAGEMENT Assessment of project risk management processes by Neus Alcaraz Boscà Master of Science Thesis INDEK 2012:36 KTH Industrial Engineering and Management Industrial Management SE-100 44 STOCKHOLMi ACKNOWLEDGEMENTS Firstly, I would like to thank my supervisor, Johann Packendorff, from the School of Industrial Engineering and Management at the Royal Institute of Technology, for accepting me in his department and for giving me good and useful guide. Secondly, thanks to all my family for being during all this year at the other side of the screen making me much easier the way. Especially, thanks to my sister, Maria, for spending some of her spare time giving me very good advice in the writing of this thesis, and above all, for being such a good example of effort and overcoming during my entire life. Thanks to Marcos, for being always so kind with me, and forsupporting me not only this year but also all these years of study. Finally, I would like to thank all my friends for having always something fun to tell, cheering my day up despite being so far. Thanks especially to Pau and Lidia for coming to visit us and spend wonderful days together, and also to Marta, Patri and Ceci for being always there to me. I would like to dedicate this thesis project to my grandma, for having taken such good...
Words: 2800 - Pages: 12
...Risk mitigation techniques Risk management involves the process of continuous identification of the risk factors and devising way and methods of dealing with them. The identification process can be done using different types of models depending on the type of organization being analyzed (Chapman, 1996). Dr. Kallman a professor of risk management, has several techniques which he has discussed regarding the risk management which will be compared with other techniques recommended by other authors like Victoria Duff. Understand the risk According to Dr. Kallman on risk management, he has given the following techniques to be used. Dr. Kallman says that before giving the mitigation techniques to the risk, there must be identification of the risks. A risk manager should understand the type of risks which are likely to face a firm and list them down. This is what we call risk identification. For one to know this, there must be clear understanding of the companies’ goals, mission and objective. From these factors, the risk that is likely to face an organization can be identified easily. When the risks have been identified, they can be categorized to three distinct groups such as, operational, strategic and economic. Strategic risks include those risks with long term varied effects on the firm and they are composed of factors like, the reputational risk, quality risk and brand risk. The next set of risk is operational risks which include things like the hazards which expose the business...
Words: 1398 - Pages: 6
...Applying Risk Management Table of Contents 1 Introduction 2 2 Aspect 1: Risk Analysis 2 3 Aspect 2: Risk Monitoring and Control Stage 3 4 Conclusion 5 5 Reference 6 1 Introduction In our attempt to cover all areas of the Risk Management process within such a small time frame, some areas of this Project Management principal were briefly covered or overlooked. In my opinion the following two key aspects could have been better managed by our group towards the contribution of the final presentation: • Risk Analysis Stage within the Risk Management Cycle (Refer to Figure 1 and 2) and, • Risk Monitoring and Control Stage (Refer to Figure 1 and 2). 2 Aspect 1: Risk Analysis In our final video submission we specifically focused on one of the two methods used to undertake Risk Analysis, which was qualitative. The qualitative approach is the most used method due to its usually rapid and cost effective means of establishing priorities for Risk Response Planning (PMBOK,2004), thus the reason for our focus. But there are two problems with this approach first their meaning can be widely interpreted and secondly you cannot do much with them except to have biased rules about combining them and taking this as an indicator of the overall significance of the risk.(Department of Commerce, 2004) The Quantitative method is the other technique used in Risk Analysis which was only briefly mentioned in the final presentation due to reasons discussed...
Words: 1364 - Pages: 6
...Risk Management in Construction Projects Using Combined Analytic Hierarchy Process and Risk Map Framework Satyendra Kumar Sharma* This paper aims at developing a risk management framework for project risk management in construction projects and demonstrate its application in an ongoing construction project in Amravati, Maharashtra, India. The various risk factors encountered in construction projects and various risk management methods already in use are identified and then a framework is developed which combines the Analytic Hierarchy Process (AHP) and risk map methods. The data was collected from various stakeholders in the construction project. The findings reveal that the proposed framework helps managers to objectively find out the most important risk factor associated with the project and accordingly work towards risk minimization. Introduction Construction projects in today’s world are marred by risks which delay the completion of projects on time or result in excessive cost overruns. These losses are multiplied if the size of the project and investments made are huge. These risks may include unavailability of materials, erratic weather changes, lack of funds, low quality of sub- contractors (Wu and Olson, 2009), etc. Though the managers realize the importance of these risk factors and mitigating them, they fall short of an objective method to manage these risks based on a priority basis (Martin, 2006). They mostly use ad-hoc or unscientific methods like rule of thumb...
Words: 2032 - Pages: 9
...Introduction Risk management is the process of identifying vulnerabilities and threats to information resources used by a company in reaching business objectives and deciding what measures to take in reducing risk to an acceptable level. An effectual risk management process is an essential component of a successful IT security program. The paramount goal of an organization's risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. With that in mind, the risk management process should not be treated primarily as a technical function by IT experts, but rather as an essential management function of the organization. The objective of performing risk management is to enable the organization to accomplish its mission(s) (1) by better securing the IT systems that store, process, or transmit organizational information; (2) by enabling management to make well-informed risk management decisions to justify the expenditures that are part of an IT budget; and (3) by assisting management in authorizing (or accrediting) the IT systems on the basis of the supporting documentation resulting from the performance of risk management . “Effective risk management begins with a clear understanding of the organization's appetite for risk2. This drives all risk management efforts and impacts future investments in technology. Risk management encompasses four key elements: Risk identification, risk mitigation, risk acceptance...
Words: 3059 - Pages: 13
...Information Technology risk management currently plays more and more important role in almost all aspects of contemporary organizations functionality. It requires reliable and cyclical realization of its key task which is risk analysis. The field of risk assessment and risk management is becoming increasingly more complex as we go through Operations, Audit, Compliance, Budgeting and the many other facets of business. Quantitative and qualitative methods are two fundamental groups of methods are applied for analysis of risk on which assets are exposed in organizations. Quantitative method identifies the risks and quantifies them based on a numeric scale, e.g., 0.0 to 1.0 or 1 to 10; and qualitative, which is based on gaining a general impression about the risks so as to qualify them. The process uses subjective terms like "low to medium," "high or poor" "good to excellent," instead of numeric values. Following are the most important advantages and disadvantages of the qualitative and qualitative methods of IT risk analysis. Advantages Quantitative methods: They allow for definition of consequences of incidents occurrence in quantitative way, what facilitates realization of costs and benefits analysis during selection of protections. They give more accurate image of risk. Qualitative methods: It allows for putting in order risks according to priority. It allows for determination of areas of greater risk in a short time and without bigger expenditures. Analysis is relatively...
Words: 661 - Pages: 3
...years, our banking system underwent rapid development which includes how they handle different risks to survive in their industry. As the financial activity has become a major economic activity in most economies, any interference or imbalance in banking system’s infrastructure will have significant impact on the entire economy. So to avoid any disruption on this, different banks used their own risk handling methods otherwise called a risk management as their key solution on this. Risk is a situation involving exposure to danger. It is the possibility that something unpleasant will happen. It may be also an object (person or thing) that creates or intensifies a risk situation. It may be also a scenario that can be described (qualified, if not quantified) and that may be damaging, in any way, to an organization or institution. It may cause a “loss” directly or indirectly. Any manage and control of potential risks is called risk management. It has a big part in any organization or an institution to have awareness. In the field of banking, it is an industry called as risky business and there is always a management as front-runners when it comes to risks. Risk management approve and monitor risk limits, limit exceptions, new forms of transactions and function as eyes and ears of senior management with regard to risk taking of business. Due to these various uncertainties and risks, bank managers need...
Words: 8543 - Pages: 35
...Information Technology Risk Management Risk management is the continuing method to recognize, examine, appraise, and treat loss exposures and monitor risk control and financial resources to diminish the adverse effects of loss (Marquette). Every company has a goal. In this internet age, as companies use computerized information technology systems to manage their data for better support of their goals, risk management plays a crucial role in defending a company’s information technology‘s resources and its goals from information technology’s risk. A successful risk management method is an important component of an effective information technology security program. The primary goal of a companies risk management method should be to protect the company and its ability to accomplish their task, not just its information technology’s assets. Therefore, the risk management method should not be treated primarily as a technical function carried out by the information technology professionals who control and administer the information technology system, but as a necessary management function of the company (Stonebrner). Risk management is the method that allows information technology supervisors to assess the operational and economic expenses of protective measures and achieve gains in operational capability by keeping the information technology systems and records that support their company’s goals. This method is not unique to the information technology environment; indeed it...
Words: 1274 - Pages: 6
...1.1 INTRODUCTION: Risk Management & Internal Audit (RMIA) is a field that has involved a great deal with the different types of risks in ACI. It began as primary clerical operation concerned with payroll; risk records and arrange different types of training on risk management. In the 1960s, globalization, competition, merger acquisition forced Risk management & Internal Audit department to become more concerned with cost, management policy, risk related policy and the implications Finance and Accounting strategic for both organization and employees. Risk Management & Internal Audit (RMIA) is the process of analyzing an organizations risk management needs under changing and developing activities necessary to meet these needs. ACI Ltd is a multi disciplinary firm engaged in various activities related to Pharmaceuticals, Formulations and other associated business. Unlike other private company in Bangladesh ACI is unique in Risk Management & Internal Audit. They have a separate RMIA section and dedicated officials for taking care of Risk Management & Internal Audit and development. Therefore, it is very much essential to undertake an in-depth study on Risk Management & Internal Audit practice in ACI Ltd. 1.2 Objective of the Study The main objective of the report is to fulfill the requirement of BBA program. For this I had to attach with an organization and I chose ACI Limited. For this I have some practical job related experience with my...
Words: 593 - Pages: 3
...Chapter 7: Assessing Risk and Internal Control Audit Risk Assessment: Auditing is fundamentally a risk management process. Audit risk is related to information risk that financial statements are materially misstated. -lower audit risk by performing more audit work that will give them a high level of assurance that the financial statements are correct. 1) INHERENT RISK (IR)- the probability of material misstatement occurring in transactions entering the accounting system or being in the account balances. Auditors do not created or control inherent risk. Can only assess its magnitude based on prior experiences, management bias, and the nature of the transaction. Look at characteristics of clients business, types of transactions, and effectiveness of accountants. 2) CONTROL RISK (CR): risk that the clients internal control system will not prevent or detect a material misstatement. Auditors do not create control risk, they assess probability of failure to detect material misstatements. Assessment is based on study and evaluation of the company’s control system. **Control risk should not be assessed so low that auditors rely entirely on controls and do no substantive work. 3) DETECTION RISK (DR): the risk that any material misstatement that has not been corrected by the clients internal control will not be detected by the auditor. **Auditors can control this risk by conducting substantive (balance audits) tests. (include: audit of details of transactions and balances, and analytical...
Words: 1014 - Pages: 5
...Workman Information Security Management RISK ASSESMENT Information systems have long been at some risk from malicious actions or inadvertent user errors and from natural and man-made disasters. In recent years, systems have become more susceptible to these threats because computers have become more interconnected and, thus, more interdependent and accessible to a larger number of individuals. In addition, the number of individuals with computer skills is increasing, and intrusion, or “hacking,” techniques are becoming more widely known via the Internet and other media. Arisk assessment is not about creating huge amounts of paperwork , but rather about identifying sensible measures to control the risks in your workplace. You are probably already taking steps to protect your employees, but your risk assessment will help you decide whether you have covered all you need to. Think about how accidents and ill health could happen and concentrate on real risks – those that are most likely and which will cause the most harm. For some risks, other regulations require particular control measures. Your assessment can help you identify where you need to look at certain risks and these particular control measures in more detail. These control measures do not have to be assessed separately but can be considered as part of, or an extension of, your overall risk assessment. Although all elements of the risk management cycle are important, risk assessments provide the foundation...
Words: 3691 - Pages: 15
...Running head: JIT2 (RISK MANAGEMENT): TASK 1A 1 JIT2 (Risk Management): Task 1A It has been stated that, "Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning," Charles Tremper (n.d.) who authored various risk management books. We have been hired, as a consultant in our first task is to create and present to management of business contingency plan combined with risk management to our new client. There has been some concern from both the IT department and legal departments about personal identifiable information sensitive information, client records, and other sensitive information regarding the ethical use and protection of this information. Our goal is to have client confidence along with some sense of job satisfaction; therefore, our boss has informed us that we get to choose our very first client. Our selection can be the place we actually work, any local business, or even a Fortune 500 company. One requirement is that our client must operate globally throughout its business. We will exclude any proprietary information, confidential information, or anything that can be considered sensitive. No names of real people involved with the business, any suppliers, or anything else that could be identifiable will be used. Instead we will only use made-up or fictional names for this task. No actual financial data will be used but rather be addressed using vague or generic terms when appropriate. Due to concerns in the global marketplace...
Words: 3310 - Pages: 14
...Thesis for the Degree of Master of...? INCORPORATING LIQUIDITY RISK INTO VAR MODEL TO IMPROVE RISK MANAGEMENT AND APPLYING THE LIQUIDITY ADJUSTED VALUE AT RISK MODEL ON VIETNAMESE STOCK MARKET Student: Ten truong: Ten khoa hoc: September, 2012 INCORPORATING LIQUIDITY RISK INTO VAR MODEL TO IMPROVE RISK MANAGEMENT AND APPLYING THE LIQUIDITY ADJUSTED VALUE AT RISK MODEL ON VIETNAMESE STOCK MARKET by student Avised by Ten giao su Submitted to Ten khoa of Ten truong in the partial fulfilment of the requirements for the degree of Master of ...? Dissertation Committee ...Ten thanh vien hoi dong ABSTRACT In this paper, based on Bangia et. al (1999) Liquidity Adjusted Value at Risk, an explanation and demonstration for the importance of integrate liquidity risk component into Value at Risk Model are presented. The component is considered to be resulted from the exogenous liquidity risk, indeed, the bid-ask spread of a stock or a portfolio. This research is conducted from the analysis of an estimation of Value at Risk (VaR) and Liquidity adjusted Value at Risk for two portfolios containing stocks that are currently trading on Vietnamese Stock Market. After applying the Bangia Model to calculate, the backtesting will be executed to check the accuracy level of the results. The difference between the results of two portfolios, according to separate approaches will be the evidence to reach the conclusion of the research. Table of Contents List of...
Words: 27184 - Pages: 109
...Guidelines for Risk Management Process Review The purpose of risk management is to identify potential problems before they occur so that risk-handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives. Risk management is a continuous, forward-looking process that is an important part of business and technical management processes. Risk management should address issues that could endanger achievement of critical objectives. A continuous risk management approach is applied to effectively anticipate and mitigate the risks that have critical impact on the project. Effective risk management includes early and aggressive risk identification through the collaboration and involvement of relevant stakeholders. Strong leadership across all relevant stakeholders is needed to establish an environment for the free and open disclosure and discussion of risk. Although technical issues are a primary concern both early on and throughout all project phases, risk management must consider both internal and external sources for cost, schedule, and technical risk. Early and aggressive detection of risk is important because it is typically easier, less costly, and less disruptive to make changes and correct work efforts during the earlier, rather than the later, phases of the project. Risk management can be divided into three parts: defining a risk management strategy; identifying and analyzing risks; and handling...
Words: 1989 - Pages: 8
