ISO Process Banner

Thursday, July 7, 2011

What do we do about Risk Management?

Risk management is an activity directed towards the assessing, mitigating and monitoring of risk. In most day-to-day cases the acceptable risk may be determined low or close to zero. Risks can come from accidents, natural causes and disasters as well as deliberate attacks from an outside source. Technically, the notion of risk is independent from the notion of value and, as such, possible occurrences may have both good and bad consequences.

Consider the following when establishing risk areas or activities:
1. Identify risk in a selected area of interest,
2. Document the identified risk, for example by using a Process Flow Diagram method,
3. Establish the following:
- the scope of the risk management activities,
- the identity and objectives of any stakeholder requirements, and
- the basis on which the risks will be evaluated, and the constraints.
4. Define a framework for the above activities and develop an agenda for identification and review of existing and future risks.
5. Decide which methods to use to analyze the existing risks involved in your risk areas and their processes.
6. When mitigating risks, consider using convenient and available technological, human and organizational resources.

Analyze Risk

After establishing the areas in your processes/activities where risk may occur and identifying the risks this might entail, the next step is to analyze these potential risks. Risks are about events that, when triggered, cause problems, and for that reason risk identification always starts with the source of problems, or with the problem itself. For example, the following methods could be considered:
Source analysis: Risk sources may be internal or external to the processes/activities that are the target of risk management. Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport.
Problem analysis: Risks are related to the identified threats of said risk. For example: the threat of losing money, the threat of abuse of privacy information or the threat of accidents and casualties. The threats may exist with various entities, most importantly with shareholders, customers and legislative bodies such as the government. The chosen method of identifying risks may depend on culture, industry practice and compliance.