The Good Concept and Tools For Risk Management and How To Manage Risk as an Entrepreneur

Zaher Iqbal Abir TP077580

HM NAZIB E HUDA TP077128

Adam Mohamed Ahmed  TP077122

Shabill Addin Anas bin Safril TP078383

Manashov Ziyoviddin TP070402

Abdurasulov Najmiddin TP069840

 The Good Concept and Tools For Risk Management and How To Manage Risk as an Entrepreneur.

    Risk management encompasses various concepts that form the foundation of a comprehensive risk management framework. One fundamental concept is risk identification, which involves systematically recognizing potential risks that could affect the organization's ability to achieve its objectives (Fraser & Simkins, 2016). This process often involves techniques such as brainstorming sessions, risk registers, and scenario analysis to capture a wide range of risks. Risk assessment is another critical concept, where identified risks are analyzed to determine their likelihood and potential impact on the organization. This step allows organizations to prioritize risks based on their severity and develop appropriate mitigation strategies (Hillson & Webster, 2017). Risk assessment techniques such as qualitative and quantitative risk analysis help in evaluating risks using predefined criteria and mathematical models. Risk mitigation involves implementing measures to reduce the likelihood or impact of identified risks. This may include risk avoidance, risk transfer, risk reduction, or risk acceptance, depending on the nature and severity of the risk (Pritchard & Wu, 2017). Effective risk mitigation strategies aim to proactively address potential threats and vulnerabilities, thereby enhancing organizational resilience. [Adam Mohamed Ahmed Tp077122]

    Various tools and techniques are available to support the risk management process, enabling organizations to effectively identify, assess, and mitigate risks. One widely used tool is the risk register, which serves as a central repository for capturing and documenting identified risks along with relevant details such as their potential impact, likelihood, and mitigation actions (Hillson & Webster, 2017). The risk register provides visibility into the organization's risk landscape and facilitates ongoing monitoring and management of risks. Risk assessment matrices are another valuable tool for evaluating and prioritizing risks based on their likelihood and impact. These matrices categorize risks into different levels of severity, helping organizations focus their resources on addressing high-priority risks while allocating appropriate attention to lower-priority ones (Fraser & Simkins, 2016). By visually representing risks in a structured format, risk assessment matrices aid in decision-making and resource allocation processes. [Abdurasulov Najmiddin Tp069840]

What is ERM?

    A methodology known as enterprise risk management (ERM) approaches risk management strategically from the viewpoint of the entire company or organization. It is a top-down approach that seeks to recognize, evaluate, and get ready for possible losses, risks, hazards, and other possibilities of harm that could obstruct an organization's goals and operations or result in losses.

    Furthermore, the integrated strategy of enterprise risk management demands managerial decisions that may not be fit for a particular corporate division or sector. Thus, firm-wide surveillance takes precedence over the individual business units' responsibility for risk management.

    It usually entails providing the risk management strategy to all relevant parties as a component of an annual report. ERM is now being used in a wide range of industries, including aviation, building, public health, international development, energy, finance, and insurance (Hayes, 2014).

 [Manashov Ziyoviddin Tp070402]

Two ERM essentials

    A dedicated group of people to design and carry out the program and an ERM framework to direct the team through the process are two vital elements of a successful enterprise risk management program.

[Zaher Iqbal Abir Tp077580]

Framework examples

- The Committee of Sponsoring Organizations (COSO) risk management framework supports data-supported judgments and aids in the establishment of industry-respected controls (5 Steps to Implement Enterprise Risk Management (ERM),  2022)

- Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), developed by Carnegie Mellon University offers a self-directed approach that may be adjusted based on the size of your company (5 Steps to Implement Enterprise Risk Management (ERM),  2022)

- Factor Analysis of Information Risk (FAIR) offers a standard vocabulary for risk mitigation to assist you in addressing the flaws in security procedures (5 Steps to Implement Enterprise Risk Management (ERM),  2022)

- The National Institute of Standards and Technology’s Risk Management Framework (NIST RMF) shows ways to choose initial controls and risk assessment techniques (5 Steps to Implement Enterprise Risk Management (ERM),  2022)

- ISO 31000: Risk Management, from the International Organization for Standardizationhas all the necessary guidelines, a structure, and a risk-management procedure. ISO 31000 is applicable to all types of organizations, regardless of size, industry, or activity (5 Steps to Implement Enterprise Risk Management (ERM),  2022)

[Zaher Iqbal Abir Tp077580]

            Figure 1 : Eg framework: 5 Interrelated Components of COSO ERM Framework

What Are the Steps of ERM? [Shabill Addin Anas bin Safril Tp078383]

Moving closer towards ways of managing risk, here are 5 steps to kick start ERM:

Step 1: Establish Organizational Objectives

Your company needs to first identify its objectives. 

Consider the risks associated with new revenue streams as well as your present hazards while establishing your organization's goals. 

A business that specializes in payment systems, for instance, would adhere to the PCI DSS standard to protect credit card data. However, the same company must also assess its HIPAA regulatory compliance if it chooses to enter the healthcare sector in an effort to boost profitability. 

Your organization's risks will alter as it expands. Prior to evaluating risks, understanding corporate goals enhances the effectiveness of the risk mitigation process, just as knowing the different paths to success in a game aids individuals making more intelligent decisions.

Step 2: Assess the Risks

ERM programs require an evaluation of your company's vulnerabilities as a crucial stage. 

Examining assets is the first step in risk assessment. What you need to safeguard and how to protect it depends on your organizational, financial, customer, physical, employee, supplier, and physical assets. 

You must conduct a risk analysis after evaluating your assets to see how opponents can use them or how unanticipated occurrences could hurt them. For instance, there can be flaws in your supply chain that could harm your business's operations or reputation. You need to be aware of the ways in which adversaries or malevolent attackers can exploit even the strongest protections in order to improve your risk management.

Step 3: Determine Risk Acceptance or Risk Avoidance

Risk management teams must then choose whether to accept or avoid the risk following a risk assessment. 

Examine the internal controls in place to accept or prevent risks depending on your assets and risk assessment when you analyze your IT landscape. 

Consider Amazon Web Services (AWS), for instance, as a secure cloud service provider (CSP). However, as more and more attackers focus on AWS, data breaches and distributed denial of service (DDoS) attacks result. An organization may decide to accept the risks of utilizing AWS even after becoming aware of its vulnerabilities if it believes that its safeguards outweigh the flaws. 

Step 4: Map Internal and External Risks

When mapping internal and external threats, organizations need to do the same analysis. You can gain important insights into the potential intersections and locations of internal and external hazards within your organization by mapping them out. 

The finance team, for instance, may have complex financial forecasts to assist in figuring out how much cash reserves are appropriate to maintain on hand. On the other hand, your suppliers can face an unexpected setback due to bankruptcy, shipment delays, or increased material costs. The potential impact of external supplier risk on cash flows and reserves could influence internal risks. 

Management teams can identify potential risk sources and more effectively and efficiently address those concerns by mapping those relationships and outcomes.

Step 5: Set Controls and KRIs

Ensuring that measurements and risks comply with legislation and guidelines is of utmost importance. This implies that in order to manage risks, internal controls must be put in place. Key risk indicators (KRIs) can alert managers when those risks approach unacceptable levels. 

Kris entering "the red zone" could indicate that a control is no longer effective or that the underlying danger has shifted, rendering the control useless. An early-warning system provided by controls and KRIs informs managers when a component of the risk management program requires attention.

(5 Steps to Implement Enterprise Risk Management (ERM),  2022)

Whilst utilizing ERM, there are key elements to be aware of:

Strategy and Objective Setting

Setting targets and goals can be helped by having a high level understanding of the company's strategies and associated risks.

 

Risk Identification

Risk identification highlights the major dangers that could jeopardize the company’s overall financial situation and security posture.

Risk Assessment
The likelihood and potential for hazard of the identified hazards are evaluated through analysis.

Risk Response

To realign identified risks with management's risk tolerances, take into account a variety of risk coping mechanisms and select appropriate courses of action.

 

Communication and Monitoring

At all organizational levels, appropriate data and information must be continuously circulated and monitored.

(5 Steps to Implement Enterprise Risk Management (ERM),  2022)

[Hm Nazib E Huda Tp077128]

Reference List [Adam Mohamed Ahmed Tp077122]

Marker, A. (2021). Enterprise Risk Management Frameworks and Models. Smartsheet. https://www.smartsheet.com/content/enterprise-risk-management-framework-model

Hayes, A. (2024, February 20). Enterprise Risk Management (ERM): What Is It and How It Works. Investopedia. https://www.investopedia.com/terms/e/enterprise-risk-management.asp#toc-understanding-enterprise-risk-management-erm

Fraser, J., & Simkins, B. (2016). Enterprise risk management: Today's leading research and best practices for tomorrow's executives. John Wiley & Sons.

Hillson, D., & Murray-Webster, R. (2017). Understanding and managing risk attitude. Gower Publishing, Ltd.

Pritchard, C. L., & Wu, S. (2017). Scheduling with time-dependent risk. Springer.