INTRODUCTION

Risk management is the identification, assessment, and prioritization of risks followed by coordinated and
economical application of resources to minimize, monitor, and control the probability and/or impact of
unfortunate events or to maximize the realization of opportunities
The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the
negative effect of the risk, and accepting some or all of the consequences of a particular risk.

This section provides an introduction to the principles of risk management.

n ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and
the greatest probability of occurring are handled first, and risks with lower probability of occurrence and
lower loss are handled in descending order. In practice the process can be very difficult, and balancing
between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower
probability of occurrence can often be mishandled.

Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is
ignored by the organization due to a lack of identification ability. For example, when deficient knowledge is
applied to a situation, a knowledge risk materializes. Relationship risk appears when ineffective
collaboration occurs. Process-engagement risk may be an issue when ineffective operational procedures
are applied. These risks directly reduce the productivity of knowledge workers, decrease cost effectiveness,
profitability, service, quality, reputation, brand value, and earnings quality. Intangible risk management
allows risk management to create immediate value from the identification and reduction of risks that reduce
productivity.

Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost.
Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk
management minimizes spending and minimizes the negative effects of risks.

Method
For the most part, these methods consist of the following elements, performed, more or less, in the
following order.

1. identify, characterize, and assess threats

2. assess the vulnerability of critical assets to specific threats
3. determine the risk (i.e. the expected consequences of specific types of attacks on specific
assets)
4. identify ways to reduce those risks
5. prioritize risk reduction measures based on a strategy
Principles of risk management
The International Organization for Standardization (ISO) identifies the following principles of risk
management:

Risk management should:

 create value
 be an integral part of organizational processes
 be part of decision making
 explicitly address uncertainty
 be systematic and structured
 be based on the best available information
 be tailored
 take into account human factors
 be transparent and inclusive
 be dynamic, iterative and responsive to change
 be capable of continual improvement and enhancement

Process
According to the standard ISO 31000 "Risk management -- Principles and guidelines on
implementation," the process of risk management consists of several steps as follows:

Establishing the context

Establishing the context involves:

1. Identification of risk in a selected domain of interest

2. Planning the remainder of the process.
3. Mapping out the following:
 the social scope of risk management
 the identity and objectives of stakeholders
 the basis upon which risks will be evaluated, constraints.
4. Defining a framework for the activity and an agenda for identification.
5. Developing an analysis of risks involved in the process.
 6. Mitigation or Solution of risks using available technological, human and organizational
resources.

Identification
After establishing the context, the next step in the process of managing risk is to identify potential risks.
Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the
source of problems, or with the problem itself.

 Source analysis Risk sources may be internal or external to the system that is the target of risk
management.

Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an
airport.

 Problem analysis] Risks are related to identified threats. For example: the threat of losing money,
the threat of abuse of privacy information or the threat of accidents and casualties. The threats may
exist with various entities, most important with shareholders, customers and legislative bodies such as
the government.

When either source or problem is known, the events that a source may trigger or the events that can lead to
a problem can be investigated. For example: stakeholders withdrawing during a project may endanger
funding of the project; privacy information may be stolen by employees even within a closed network;
lightning striking an aircraft during takeoff may make all people onboard immediate casualties.

The chosen method of identifying risks may depend on culture, industry practice and compliance. The
identification methods are formed by templates or the development of templates for identifying source,
problem or event. Common risk identification methods are:

 Objectives-based risk identification Organizations and project teams have objectives. Any event
that may endanger achieving an objective partly or completely is identified as risk.
 Scenario-based risk identification In scenario analysis different scenarios are created. The
scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces
in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified
as risk - see Futures Studies for methodology used by Futurists.
  Taxonomy-based risk identification The taxonomy in taxonomy-based risk identification is a
breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a
questionnaire is compiled. The answers to the questions reveal risks.
 Common-risk checking In several industries, lists with known risks are available. Each risk in the
list can be checked for application to a particular situation.
 Risk charting This method combines the above approaches by listing resources at risk, Threats to
those resources Modifying Factors which may increase or decrease the risk and Consequences it is
wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can
begin with resources and consider the threats they are exposed to and the consequences of each.
Alternatively one can start with the threats and examine which resources they would affect, or one can
begin with the consequences and determine which combination of threats and resources would be
involved to bring them about.

Assessment
Once risks have been identified, they must then be assessed as to their potential severity of loss and to the
probability of occurrence. These quantities can be either simple to measure, in the case of the value of a
lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring.
Therefore, in the assessment process it is critical to make the best educated guesses possible in order to
properly prioritize the implementation of the risk management plan0.

The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical
information is not available on all kinds of past incidents. Furthermore, evaluating the severity of the
consequences (impact) is often quite difficult for immaterial assets. Asset valuation is another question that
needs to be addressed. Thus, best educated opinions and available statistics are the primary sources of
information. Nevertheless, risk assessment should produce such information for the management of the
organization that the primary risks are easy to understand and that the risk management decisions may be
prioritized. Thus, there have been several theories and attempts to quantify risks. Numerous different risk
formulae exist, but perhaps the most widely accepted formula for risk quantification is:

Rate of occurrence multiplied by the impact of the event equals risk

Financial risk management
Financial risk management is the practice of creating economic value in a firm by using financial
instruments to manage exposure to risk, particularly credit risk and market risk. Other types include Foreign
exchange, Shape, Volatility, Sector, Liquidity, Inflation risks, etc. Similar to general risk management,
financial risk management requires identifying its sources, measuring it, and plans to address them.

Financial risk management can be qualitative and quantitative. As a specialization of risk management,
financial risk management focuses on when and how to hedge using financial instruments to manage costly
exposures to risk.

In the banking sector worldwide, the Basel Accords are generally adopted by internationally active banks for
tracking, reporting and exposing operational, credit and market risks.

When to use financial risk management

Finance theory prescribes that a firm should take on a project when it increases shareholder value. Finance
theory also shows that firm managers cannot create value for shareholders, also called its investors, by
taking on projects that shareholders could do for themselves at the same cost.

When applied to financial risk management, this implies that firm managers should not hedge risks that
investors can hedge for themselves at the same cost. This notion was captured by the hedging irrelevance
proposition: In a perfect market, the firm cannot create value by hedging a risk when the price of bearing
that risk within the firm is the same as the price of bearing it outside of the firm. In practice, financial
markets are not likely to be perfect markets.

This suggests that firm managers likely have many opportunities to create value for shareholders using
financial risk management. The trick is to determine which risks are cheaper for the firm to manage than the
shareholders. A general rule of thumb, however, is that market risks that result in unique risks for the firm
are the best candidates for financial risk management.

The concepts of financial risk management change dramatically in the international realm. Multinational
Corporations are faced with many different obstacles in overcoming these challenges. There has been
some research on the risks firms must consider when operating in many countries, such as the three kinds
of foreign exchange exposure for various future time horizons, transactions exposure, accounting
exposure, and economic exposure.

Mega projects (sometimes also called "major programs") have been shown to be particularly risky in terms
of finance. Financial risk management is therefore particularly pertinent for mega projects and special
methods have been developed for such risk management.

FINANCIAL RISK MANAGEMENT OBJECTIVES

 To evaluate the risk in financial markets.

 To know the proper assessment of risk and to determining as to whether it is worth

taking or not.

 How an individual investor can reduce expected risk and also can estimate the
expected return and expected risk level of a given portfolio.

 The perquisite for an objective evaluation and comparative analysis of various

investment alternatives is a rational method for quantifying risk and return.

 How an individual investor can minimizing the risks and maximizing the profit with
effective risk management.