3. Basic Principles of Risk Management…
• RM should create value.
• RM should be an integral part of organizational processes.
• RM should be part of decision making.
• RM should explicitly address uncertainty.
• RM should be systematic and structured.
• RM should be based on the best available information.
• RM should be tailored.
• RM should take into account human factors.
• RM should be transparent and inclusive.
• RM should be dynamic, iterative and responsive to change.
• RM should be capable of continual improvement and enhancement.
www.derekhendrikz.com
5. Risk Identification…
• Risk identification starts with the source of problems
or with the problem itself.
• This implies both source analysis and problem
analysis.
• Major risk identification entails the identification of
major risks that may have a significant impact
(financial or otherwise) on the organisation.
• Micro risk identification aims to identify sub-risks
within the major risk class, where such activity is
pivotal to the risk control objectives.
www.derekhendrikz.com
6. Risk Evaluation…
• Risk evaluation is the expression of risk in
numerical terms.
• Areas of risk evaluation includes:
• Loss dimensions;
• Loss frequencies and probabilities;
• Loss frequency distributions; and
• Variability as measure of risk.
www.derekhendrikz.com
7. Risk Control (risk response)…
• Risk control aims to prevent and control
organizational risks and resultant losses.
• Risk control is therefore any process which
prevents losses or curtails their effects.
• Risk control counters risks in the following
ways:
• It eliminates or reduces the factors that may cause
loss to a person or organization;
• It minimizes the actual loss that occurs when
preventative methods have not been fully
effective.
www.derekhendrikz.com
8. Risk Financing…
• Risk financing pursues the minimizing of
‘total cost-of-risk’ to an organization.
• Cost of risk will include:
• Insurance cost;
• Un-reimbursed losses (inadequate insurance,
excess payments, etc);
• Loss prevention and risk control cost; and
• Administrative cost
www.derekhendrikz.com
9. 6-Step
Process to
Managing
Risk
1. Develop your assumptions regarding risks
and possible risk scenarios;
2. Assume the risks relating to your task;
3. Determine the signals or early warning
systems that will alert the risk as soon as
possible;
4. Quantify and prioritise the risks;
5. Develop risk management plan with control
measures; and
6. Monitor the risk management plan.
www.derekhendrikz.com
10. Traditional Approach to Risk Management
Risk
Establish
Context
Risk
Identification
Risk
Assessment
Risk
Management
www.derekhendrikz.com
11. Establish Context…
• Establish social scope
• Identify objectives of stakeholders
• Establish criteria for risk evaluation
• Identify constraints
• Define a risk management framework
www.derekhendrikz.com
22. Risk Management Assumptions (1)…
1. That analysis of the relationship between probability and impact is the best
way to understand risk and disaster management.
2. That a risk is an event of which we have an understanding of both the
impact and the probability of occurrence.
3. That a disaster is an event which we have failed to prevent or avoid.
4. That the difference between disaster and risk management stays academic
in nature, and that it is practically never possible to separate the two
concepts when managing disaster risks.
5. That risk management is most effective when abdicated and that where we
have to take the risk, we should find effective ways in reducing the
uncertainty surrounding such risk.
6. Where the management of probability is inadequate, we have to manage
impact. This is best done through effective response control and recovery
management techniques.
www.derekhendrikz.com
23. Risk Management Assumptions (2)…
7. That effective policy formulation, risk-exposure analysis and adequate risk-
disaster funding are three essential pillars for the effective management of
risks and disasters.
8. That essentially, there are only four ways of managing risks, which are
transference, avoidance, mitigation and retention.
9. That risk retention has both pre-loss and a post-loss retention dimensions,
and that pre-loss retention primarily concerns itself with risk mitigation
whereas post-lost retention concerns itself with risk response and risk
recovery. Furthermore the field of disaster management encapsulates the
response and recovery elements of risk management.
10. That the primary outcome of risk avoidance and transference is abdication of
risk.
11. That the primary outcome of pre-loss risk retention is eradication of the
uncertainty surrounding risk.
12. That the primary outcome of post-loss risk retention is to restore, business
operation, environment and people dynamics to its original state.
www.derekhendrikz.com