RT&A # 2(17) (Vol.1) 2010, June
RISK MANAGEMENT: PROCEDURES, METHODS AND EXPERIENCES
Heinz-Peter Berg • Bundesamt für Strahlenschutz, Salzgitter, Germany e-mail: hberg@bfs.de
ABSTRACT
Risk management is an activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources. Some traditional risk management approaches focus on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death). Financial risk management, on the other hand, focuses on risks that can be managed using traded financial instruments. The objective of risk management is to reduce different risks related to a pre-selected domain to an acceptable level. It may refer to numerous types of threats caused by environment, technology, humans, organizations and politics. The paper describes the different steps in the risk management process and the methods used in each step, and provides some examples of risk and safety management.
1 INTRODUCTION
1.1 Risk
Risk is unavoidable and present in every human situation. It is present in daily life and in public and private sector organizations. Depending on the context (insurance, stakeholder, technical causes), there are many accepted definitions of risk in use. The common concept in all definitions is uncertainty of outcomes. Where they differ is in how they characterize outcomes. Some describe risk as having only adverse consequences, while others are neutral. One description of risk is the following: risk refers to the uncertainty that surrounds future events and outcomes. It is the expression of the likelihood and impact of an event with the potential to influence the achievement of an organization's objectives. The phrase "the expression of the likelihood and impact of an event" implies that, as a minimum, some form of quantitative or