RISK ASSESSMENT:

PRACTICAL APPLICATIONS FOR

INDIVIDUALS, PROJECTS AND
ORGANIZATIONS

EI PHYUSIN HTAY
MANAGING DIRECTOR
BARONS GROUP OF COMPANIES
• WHAT IS RISK
• DO WE AVOID RISK? HOW?
• RISK MANAGEMENT And Its PROCESSES
• TYPES of RISK ASSESSMENT
• INDIVIDUAL RISK ASSESSMENT
• SYSTEMS RISK ASSESSMENT
• DYNAMIC RISK ASSESSMENT
• STEPS of RISK ASSESSMENT
• ESTABLISHING CONTEXT
• IDENTIFICATION OF POTENTIAL RISKS
• IDENTIFICATION OF POTENTIAL IMPACTS
• MEASURING CONSEQUENCES
• APPLICATION AREAS of RISK ASSESSMENTS
 WHAT IS RISK
Risk is a possibility of something bad happening. It refers to uncertainty of
outcome, of actions and events, where something of human value (such as health,
wealth, well-being, property or environment) is at stake and where the outcome is
uncertain. It also refers to a chance or probability that a person will be harmed or
experience adverse health effect if exposed to hazard.

Occupational risk Project risk

Information technology risk Security risk
Health Risk
Environmental Risk Economic Safety riskCredit
Risk risk
Operation risk Financial Risk Market Risk
Interest Rate Risk Business Risk Country Risk
Foreign Exchange Risk Inflation risk
DO WE AVOID RISK? HOW?

Risk can come from various sources including

 uncertainty in financial markets (financial risk, interest rate risk, foreign
exchange risk etc)
 threats from project failures (Project risk, Security risk, Safety Risk etc)
 Accidents
 Natural causes and disasters
 Events of uncertain or unpredictable root-cause
Some Risks make negative impact and need to be mitigated (reduce its impact)
Some Risks create opportunities to be fulfilled (grasp the opportunity, not avoid risk)
DO WE AVOID RISK? HOW?

 uncertainty in financial markets (financial risk, interest rate risk, foreign

exchange risk etc)

Negative impact on those who have no choice of action

(Example: Manufacturer, Exporter, Borrower of Loans)
Need to reduce the impact of this risk so control are necessary.

Can create positive impact on Financial Traders, Stock investors.

They need to grasp it.
DO WE AVOID RISK? HOW?

 threats from project failures (Project risk, Security risk, Safety Risk etc)
 Accidents

Create Negative impact on projects.

Thus, they need to be properly assessed and controlled.
DO WE AVOID RISK? HOW?

 Natural causes and disasters

 Events of uncertain or unpredictable root-cause

Some risk impact negatively

(Example : COVID-19 pandemic on governments, households, tourism industry)
Thus, Risk predicted from natural causes and disasters need to be properly assessed and
Controlled, in general.

Some Risks from Natural causes create opportunities to be fulfilled.

(Example : COVID-19 pandemic create opportunity for Virtual industries,
online gaming and entertainment industries, delivery services, pharmaceutical industry)
The Natural causes usually open doors for certain kind of industries to grasp it as
opportunities while its catastrophic effect impact a large population.
RISK MANAGEMENT AND ITS PROCESS

While not all risk needed to be avoided, when they needed to be avoided, we can
approach it in a systematic manner called “Risk Management”

Risk Management is the

identification, Risk Assessment
evaluation and
prioritization or risks.
Followed by coordinated and economical
application of resources
to minimize
Risk Mitigation monitor and
control the impact of the risks.
and Management
RISK MANAGEMENT AND ITS PROCESS

Followings are the steps of Risk Management Methods

1. Establish the context (Business Risk? Project Risk? Environmental Risk?)
2. Identify the potential threats (source analysis, problem analysis)
3. Assess the potential severity of impact
Risk Assessment
4. Reduce the Impact of risk (control by processes, transfer of risk, avoid etc)
5. Review and evaluation of the plan
Risk Mitigation and Management
RISK ASSESSMENTS
A Risk assessment determines possible mishaps, their likelihood of occurrence,
the consequences if occurred and the tolerance of such event.

Risk Assessment is –
-identifying and analyzing potential events that may negatively impact
individuals, organizations, or environments (risk analysis)
-making judgement on tolerance (risk evaluation)
RISK ASSESSMENTS : INDIVIDUAL RISK ASSESSMENT
Individuals also determines possible mishaps, their likelihood of occurrence,
the consequences if occurred and the tolerance of such event, in the context of
social level or to manage household risks.

However, judgement of risk by individuals can be clouded or mis-guided when

individuals feels “exposures are too much and become negligent” “when they
perceive they are being in control”. Often, “fear”, “anxiety” and “emotion”
effect Individual’s risk assessment and risk taking appetite.
Example–
-when catastrophic events such as storm, earthquake, pandemic occurs,
individuals feels overwhelming by the exposures and accept the risk and become
negligent
-while smoking is considered risk, individuals may feel whether to stop smoking
is being controlled by them and the risk is being neglected to be assessed
RISK ASSESSMENTS : SYSTEMATIC RISK ASSESSMENT

While at Project or Organization levels to manage project risk or business risk

or even broader view at country level managing economic risk, systematic risk
assessment need to be performed.

Systematic Risk Assessment follows below steps:

- establish context to restrict the range of threats/hazards to be considered
- identify visible or implied threats/hazards
- identify potential parties or assets which may be affected by threats
- estimate reasonably likely consequences and probability of occurrence of
threats
RISK ASSESSMENTS : DYNAMIC RISK ASSESSMENT

During an emergency, some threats or hazards were able to be predicted and

procedures are established and trained to be followed.

In most of emergencies, the personnel directly involved in emergencies may be

required to deal with the unforeseen events in real times by themselves. The
decisions made during emergencies should be reviewed after the operation to
provide feedback on effectiveness of both planned procedures and other
decisions made to deal with the emergencies.

Such process is called Dynamic Risk Assessment.

STEPS OF RISK ASSESSMENT:
ESTABLISHING CONTEXT

The very first step of Risk Assessment is “Establishing the Context”.

As some “Risk” can be negative and needed to reduce its impact, while other “Risk” might create
opportunities and need to grasp it, it is important to understand the “Context” to decide :
whether “Risk (Negative impact thus Threats)” need to be avoided /controlled
(OR)
“Risk (Positive impact thus Opportunity)” need to be grasped.

To establish “Context”, we have to identify :

- specific area or agenda we want to focus (A construction project? A company? A social Project?)
- Identify “stakeholders” in that specific area (eg. workers and passer by in construction project?
customers, employees and shareholders in a company? Migrants, infants, marine species etc
in a Social project?). Identify stakeholders in the focus area who can be negatively or positively
impacted
STEPS OF RISK ASSESSMENT:
IDENTIFICATION OF POTENTIAL RISKS

The next step of Risk Assessment is “to identify potential risk”. Risk are events
which will cause problems or benefits, when occurred.

We can start with source of our problems or other’s problems (source analysis) and
consequences of our problems (problem analysis).

Sources Analysis : Risk sources may be internal or external. Most of Stake holders are sources of risks.
For example, “suppliers” are external sources of risk in the context of a “Company”.
“workers” are internal sources of risk in the context of a “Project”.
“Immigrants” are external sources of risk in the context of a “Country”.

Problem Analysis : Identify the threats to “Stakeholders” identified in the established context.
For Example, if Context is a Construction Project, “workers” are one of “stakeholders”
and any threats to workers can be identified as “risks”.
If Context is a Company, “customers” are one of “stakeholders” and any threats
to “customers” can be identified as “risks”.
STEPS OF RISK ASSESSMENT:
IDENTIFICATION OF POTENTIAL RISKS

Source Analysis : Elaborated Examples of “Sources” of “Risks”:

- “weather” in an airport is external source that can lead to problem of stopping operation for few hours
- “suppliers” for a company is external source that can lead to problem of delivering goods lately
- “neighbors” for a construction project is external source that can lead to a problem of stopping
Construction site for a period of time

- “airline workers” in an airline is internal source that can lead to a problem of stopping airline service
due to workers strike
- “medical worker” in a house-hold is internal source that can lead to COVID-19 infection in the family
- “workers” in a construction site is internal source that can lead to accidents in a site
STEPS OF RISK ASSESSMENT:
IDENTIFICATION OF POTENTIAL RISKS

Problem Analysis : Elaborated Examples of “Problems” (or) “Threats to stakeholders”:

• Workers in a “project” can fall down from a height that has works to be done at heights
• Employees in an “office” working with computers for long time can face eyes problems
• Customers of a “hotel” can be drown in hotel swimming pool
• People “travelling in a bus” can face road accident
• Workers in a “project” can face electric shock working with machines
• Employees of a “delivery service company” can be threaten by robbery en-route
• Customers of a “hospital” can face COVID-19 infection
• People “living near an airport” can have ear problem
• Workers in a “project” can face snake bite
• Employees in “Media company” can be sued by a anyone in the public
• Customers of a “construction company” may receive a poorly built building
• People “living in delta area” can face storms
STEPS OF RISK ASSESSMENT:
IDENTIFICATION OF POTENTIAL RISKS

After the “Source” of the “Problems” are known, the “events” that a “Source” may create (or) the
“events” that can lead to “problems” are to be identified.
There are various methods and approaches to identify these “risks” and it depends on culture, industry
practices and legislation. One very common method called “Risk Matrix” is introduced in this
presentation.
Risk Matrix
Step-1 : list down the “stakeholders” or “sources” at risk
Step-2 : list down the “threat” or “problems” that my occur
Step-3 : list down the “factors” that can “increase” or “decrease” the risks
Step-4 : list down the “consequences” assessor wishes to avoid

Alternative methods:
-may start with step 2 and then 3,1and 4
-may start with step 3 and then 2,1and 4
-may start with step 4 and then 1,2 and 3
 Examplary Risk Matrix for A Construction site
1 2 3 4
Problems/
Stakeholders/Source Threats Influencing Factors (Events) Consequeneces to avoid
letigation, compensations, loss of menpower ,
1 may fall from heights working at heights punishment by authorities
working with live/open letigation, compensations, loss of menpower ,

Example risk matrix

For construction site
2 may get electric shocks electricity sources punishment by authorities
poor housekeeping of site,
3 Workers tripping/slipping muddy condition of sites, compensation, loss of mepower
when using open flame, letigation, compensations, loss of properties,
4 burnt by fire when fuel sotrage and smokes/flashes are near stoppage of site and income

5 bitten by snake/insects weather, surrounding environment loss of menpower

6 inhaling dangerous gas working in confined spaces letigation, compensations, loss of menpower
7 Employees *=same as workers=
when pile machine is operating,
when vehicles and machineries authorities interference and
8 Noise/vibration impact sleep are operating investigations if complaints
If complaints or accidents occurred, authorities
Neighbors interference, investigation and costly instruction
when the site is too close to for improvement, stoppage of site, letigation,
9 objects falling down on them neighbor's premises compensations

10 fire spreading to neighbors when the site may get fire letigations, compensations, stoppage of site

while vehicles entering/leaving letigations, compensations, repair cost of

11 Passing by vehicles road accident while in/out of site the sites onto the road damaged own properties and 3rd party properties
12 Customers *=same as workers=
when supplier comes near moving compensations, repair cost of 3rd party
13 hit by an object vehicle/machinery cars/machines
Suppliers
compensations, repair cost of 3rd party
14 hit by moving vehicles when supplier comes near moving vehicle cars/machines
15 Sub-contractors *=same as employees =
16 Visitors *=same as suppliers=
Lightning strike stopping the while worker working at height during compensations, loss of menpower, punishment
17 Lightning Strike construction activity thunderstorm by authorities
punishment by authorities, stoppage/lock-down
spread of epidemic/pandemic when operating a construction site during outbreak of sites, health-care cost of workers and
18 Epidemic/Pandemic among workers, employees of epidemic/pandemic employees, loss of menpower, reputation
 Examplary Risk Matrix for a Company
1 2 3 4
Problems/
Stakeholders/Source Threats Influencing Factors (Events) Consequeneces to avoid
health problems associated to when working with computuers for long time,
1 body postures, eyes when working in one posture for long time too many ill-leaves affecting productivity
working under stress, working with complex

Example risk matrix

problems, bad peer to peer relationship, bad
relationship with management, low salary, care
2 Employees not happy at work package, career development opportunity resignation, moving to competitors

For a company
danger from travels, assulted from when travelling to dangerous country or regions, compensations, loss of menpower , insecure
3 travel wokking during socierty unrest feelings of employees

letigation for mal-practice, grieiving outsider sue medical employee, law firm
4 misconduct employee , media employee for mis-conduct reputation to company, cost of letigation
Loss of when company is operating at a loss continuously, close down of business, letigation from creditors,
5 profits/earnings/investments when debts are more than earnings reduction of credit ratings, fall of stock price
Shareholders
when company is not operating with compliance of letigation cost, reputation of company and
6 legitation by government laws and regulations shareholders, punishment by law
not paying in time, not paying when invoices or documents are missing, when
7 correctly invoices are not re-conciled disputes, legal threats and letigations, reputation
Suppliers
when employees are company management reputation to company, increased cost of
8 harrased for bribery harrassse suppliers for bribes procurement
when company deliver goods are services later
9 not receiving deliverys on time than promised deadline reputation, loss of recurring business
Customers errors or poor quality in goods and when company deliver poor quality goods and
10 services services not meeting customer expectation reputation, loss of recurring business
11 late payments by customers when customers do not pay on time liquidity problem, cashflow problem
Government changes on lawas and regulations impacting cost of
Regulations & production, increased taxation/decreased cost of increased cost jeopardizing profit or increased
12 policies change of law and policies production price, decreased cost earning more profit
loss of recurring business, loss of earnings and
customer's taste and expectation change and do not profits, grasping customer taste change can create
13 Customer Taste change in customer taste want company's current products/services anymore new earnings
Currency when cost input and income from outputs are in
14 Appreciation/Depreciation different currencies loss of earnings and profits (or) increased profits
Economic condition
Good economic condition increase consumer increased incomes as consumers demand for
15 spending power of consumer spending power higher end products and services
STEPS OF RISK ASSESSMENT:
IDENTIFICATION OF POTENTIAL RISKS

On the “Risk Matrix”, all potential “risk” events are identified and their
positive or negative impacts are identified.

Negative impacts identified are to be brought forward to next step of

assessment of severity of impact. Once severity of impact are charted in the
“risk matrix”, risk assessment process is completed and the next steps of risk
management processes will continue.

Positive impacts identified are considered to be opportunities and not

processed further for risk assessment. Instead, the opportunities can be listed
and plans to grasp the opportunity with related timelines to achieve can be
made in a systematic manner.
STEPS OF RISK ASSESSMENT:
ASSESSMENT OF SEVERITY OF IMPACT

The next step of Risk Assessment is “to assess the severity of impact” for the negative impact
risks.
Simple way to assess the severity of impact is to derive a value from probability measurement.

Following is the usual formula to make assessment of severity of impact.

Probability of Risk Event Occurrence X Expected Loss in the case of Risk Event Occurrence
STEPS OF RISK ASSESSMENT:
ASSESSMENT OF SEVERITY OF IMPACT

Example of 3x3 severity matrix

STEPS OF RISK ASSESSMENT:
ASSESSMENT OF SEVERITY OF IMPACT

Example of 4x4 severity matrix

STEPS OF RISK ASSESSMENT:
ASSESSMENT OF SEVERITY OF IMPACT

Example of 5x4 severity matrix

STEPS OF RISK ASSESSMENT:
ASSESSMENT OF SEVERITY OF IMPACT

Example of 5x5 severity matrix

APPLICATION AREAS OF RISK ASSESSMENTS
The example risk assessments provided are for a typical project or a company and the
sources/stakeholders, problem/threats, influencing factors, likelihood of occurrence and severity of
impact will differ from one project to another project, one company to another company. Other
than Projects or Companies, Risk Assessments is applied in other areas also.

In an example application of General Public Health, multiple legislations can be formulated by

each country based on the assessments of likelihoods of risk events happening, the severity that
can impact the general population. Lawmakers weigh the resources to utilize to impose legislative
risk mitigation measures for General Public Health. Followings are events that are usually
assessments made for General Public Health in many countries:

- Risk Assessment on Safe Drinking Waters leads to Safe Drinking Water Act of 1974 in US
- Risk Assessment on cancer causing toxicity level in foods leads to FDA legislations in many
countries
- Risk Assessment on toxicity of chemical emissions in air and water harming the public health
leads to Environmental laws in many countries to protect the discharge of toxic waters of
chemical emissions from plants and factories (for example, power plant, beer factory)
APPLICATION AREAS OF RISK ASSESSMENTS

In Mega Infrastructure Projects costing billions of US dollars, the same steps of risk management
and risk assessment methods are applied although in more refined matrixes. Such projects does not
look source/stakeholders as a construction project only, but risks are considered in many scenarios
such as,
- Financial Aspects
- Safety Aspects
- Social Aspects
- Environmental Aspects

Examples of Mega infrastructure projects are bridges, tunnels, railways, airports, seaports, power
plants, dams, oil & gas extraction projects etc.
 SUMMARIZATION
Risks are uncertain outcomes of an event.

Not all Risks are to be avoided. Risks with Negative impacts are to be avoided or mitigated. Risks
with Positive impacts are opportunities to grasp.

Risk Assessment is part of the Risk Management Process.

3 types of Risk Assessments, individual, systematic and dynamic.

4 Steps in Systematic Risk Assessments. Dynamic risk assessment is used after emergency
situations finished to evaluate the effectiveness of a risk management plan.

Identifying source/stakeholders, find any problems/threats to them or caused by them, identifying

its consequences, identifying probability of occurrence and severity impact are the 4 steps of risk
analysis process.
All of such information are charted in risk matrix to prioritize how to “manage risk”.

Systematic Risk assessment and risk management are applied in government legislations, mega
projects, construction project, or a company.
QUESTIONS & ANSWERS
THANK YOU.