Risk Management

A PROJECT OF BUSINESS REASEARCH

Division of Social Science & Arts University of Education, Lower Mall Campus, Lahore

Risk Management

SUBMITTED TO :
PROF. RASHID SALEEM

SUBMITTED BY: ROLL NO:

QURAT-UL-AIN

BBA-08-O17

Division of Social Science & Arts University of Education, Lower Mall Campus, Lahore

Risk Management

DEDICATED TO MY LOVING MOTHER AND YOUNGER BROTHER

Risk Management

ACKNOWLEGMENT
First of all I thank allah almighty for giving me abiliy to make this project in time. I would like to thank Prof. Rashid Saleem for their direction, assistance, and guidance In particular; recommendations and suggestions have been Invaluable for the project. Words alone cannot express the thanks I owe to my mother, for her encouragement and Assistance and being so supportive to me. Finally Special thanks should be given to my friends who helped me in many ways.

Risk Management

Risk management
Sheila Robinson, (1987) Risk management

Abstract:
Facilities managers are undertaking an increasing responsibility for day-to-day risk management. They are in the unenviable position of providing support that is only acknowledged if it fails if there is a major disaster. Risk is now being analysed in terms of the financial impact on operational productivity the facilities manager will only be seen to have achieved success if any negative financial impact on operational productivity is avoided or at least minimised. Primarily this means recognising the areas of risk; then using this awareness to develop means of minimising risk without affecting operational effectiveness. In todays world only those managers are considered successful who react properly to any change. In many cases risk managers are brought onto discuss financial processes because thay have the ability and training to determine what potential losses and gains can occur from any given process or financial change.

Risk identification basic stage in risk management

Lubka Tchankova, 2002 Risk identification basic stage in risk management

Abstract:
In this paper risk identification is investigated as a basic stage in risk management. The risk identification phase as the first stage in the risk management process is presented and its leading role for effective risk management is proved. The basic terms that are necessary for building of the frame approach for risk identification are defined: sources of risk-hazard, factor-peril-resources exposed to risk. A classification of risk sources physical, social, political, operational, economic, legal and cognitive environment is proposed. It allows covering all types of risk facing the organization. A grouping of the resources exposed to risk such as physical, human, and financial resources is introduced. It is based on a practical consideration of the risk situations in the organisations. Risk identification is a basic stage in risk management. Risk identification begins at the earliest stage of a project and continuous throughout the project life cycle. Organization should anticipate project risks and implement the necessary controls before risks become insurmountable.

Risk Management

Risk management of organisational records

Angel Egbuji, 1990 Riskmanagement of organisational records Abstract: The impact on business of the failure to manage non-financial risks has been repeatedly demonstrated during the 1990s.1 Businesses are constantly faced with the need to manage change within their organisation. Change generates choice, which carries risk. This paper is a study of a range of issues to be addressed in risk management of organisational records. Such a study needs to begin with a consideration of the management of risk in general. The paper concludes that for risk management of organisational records to be effective, it needs to be incorporated into the decision-making process of the organisation making it central to all activities. Risk management of records needs to be proactive not reactive. Project managers typically classify risks as either threatsor opportunities. The practice of risk identification focuses on reducing the probability and impact of a threat while increasing the probability and impact of opportunity.

A systematic approach to risk management for construction

Anthony Mills, (2001) A systematic approach to risk management for construction

Abstract:
Systematic risk management is expecting the unexpected it is a tool which helps control risks in construction projects. Its objective is to introduce a simple, practical method of identifying, assessing, monitoring and managing risk in an informed and structured way. It provides guidance for implementing a risk control strategy that is appropriate to control construction projects at all levels. This paper will review systematic management approaches to risk. It discusses the allocation of risk and suggests that risk needs to be identified and managed early in the procurement process. In addition, a case study of a small project that was affected by difficult economic circumstances is included to demonstrate the effectiveness of systematic risk management. In construction, risk management involves the formulations of a plan in order to systematically identify measure and monitor risks. It is extremely useful to take a structural approach to this by creating a simple risk management strategy and reviewing it regularly and creating, marinating and updating a risk log as risk changes.

Risk Management

Application of systems thinking to risk management:: a review of the literature

Diana White, (1995) "Application of systems thinking to risk management:: a review of the literature",

Abstract:
Systems thinking are holistic, that is it deals with wholes rather than parts and is relevant to tackling ill-structured messy problems. Reviews the literature on risk to identify the techniques and concepts used in the management of risk and the identification of potential failures. The majority of the concepts identified are found to be systematic and reductionist. Also identifies related concepts not used in the techniques which are found to be more holistic. Classifies the concepts according to their use and holistic qualities. Briefly describes a systems approach to failures. As risk is associated with uncertainty and ill-structured problems, suggests that systems thinking could be a valuable aid to risk management As we need to be holistic when managing risks and thats what system thinking do for us. If organization become better at system thinking, it will be more successful at managing internal and external risks System thinking views risks as part of an overall system rather then reacting to specific part.

Risk Management in a Service Business

Kenneth W. Hollman, Jack E. Forrest, (1991) "Risk Management in a Service Business",

Abstract:
Service businesses, like product manufacturers, face loss exposures-sets of circumstances that could give rise to losses. The losses may never occur, but the firm must plan for the possibility that they will. Risk management involves the treatment of loss exposures in a cost-effective manner to protect the firm against losses of a fortuitous nature. The risk management process as it is applied in a service business is described. The process involves a five-step sequence that service organisation managers can use to detect and evaluate loss exposures, select and implement techniques to treat them, and monitor the results of their efforts. Though the focus is on service firms, many of the risk management ideas discussed are applicable to other types of organisations. Risk resilient organization must objectively assess their existing risk management capabilities, evaluate their organizational culture with regards to risk, performance and reward and implement sustainable risk management practices.

Risk Management

The effect of intervening conditions on the management of project risk

Elmar Kutsch, (2008) "The effect of intervening conditions on the management of project risk",

Abstract:
Purpose The purpose of this paper is to highlight the main findings of a successfully defended doctoral thesis that studied factors or interventions causing the discrepancy between how adequate project risks should be managed and how project risks are actually managed. Design/methodology/approach The approach involved interviews and a survey using questionnaires gathered data from project managers about their experiences with project risk management during two phases of fieldwork. The first phase included in-depth interviews with information technology (IT) project managers in order to explore patterns involving risk mediators and their influence on project risk management. A web-based survey was used in the second phase for the purpose of testing these patterns on a wider range of project managers. Findings Specific risk-related interventions strongly influence the effective use of project risk management: project managers tended to deny, avoid, ignore risks and to delay the management of risk. Risks were perceived as discomforting, not agreed upon. IT project managers were unaware of risks and considered them to be outside their scope of influence and preferred to let risks resolve themselves rather than proactively engaging with them. As a consequence, factors such as the lack of awareness of risks by IT project managers appeared to constrain the application of project risk management with the result that risk had an adverse influence on the outcome of IT projects. Practical implications The underlying rational assumptions of project risk management and the usefulness of best practice project risk management standards as a whole need to be questioned because of the occurrence of interventions such as the lack of information. IT project managers should first prevent risk-related interventions from influencing the use of project risk management. However, if this is not possible, they should be prepared to adapt to risks influencing the project outcome. Originality/value The paper contradicts the myth of a self-evidently correct project risk management approach. It defines interventions that constrain project manager's ability to manage project risk. Project managers often skip the risk management process because the sponsor wants them to start quickly without wasting time on paper work like risk management but its consequences can be very dangerous. Project manager should undertake a simple assessment process, investing as little as an hour and possible saving days of lost time.

Risk Management

Risk management in practice: how are we managing?

Anne Harris, (2000) "Risk management in practice: how are we managing?",

Abstract:
Aims to identify awareness of and involvement in risk assessments, training, incident reporting, information giving and consenting in an acute health care context. Explores how nurse managers perceived risk management as a concept and if they saw advanced neonatal nurse practitioners having a role to play in this activity. The method used was a postal survey of 62 nurse managers or clinical specialists responsible for neonatal nursing care services within NHS Trusts in the UK. Results show that while the nurse managers studies understood the definition of risk management in general, they were more vague about certain aspects of that definition. The nurse managers appeared to be passive in their dissemination and taking forward of risk management strategies, rather than proactively promoting and helping them forward as may be expected in facilitative managerial behaviour. Concludes that the challenges of clinical governance demand more proactive approaches to effect and demonstrate change, and support ongoing clinical quality improvements. Public concern about the management and delivery of health care services is near the top of the national agenda, factors and policies influencing health care system are points of consideration for health care industry. Only through the competent management of risk and human resources can health care department protect profits in todays tough business climate.

Risk Management

A framework for integrated risk management in information technology:

Kakoli Bandyopadhyay, Peter P. Mykytyn, Kathleen Mykytyn, (1999) "A framework for integrated risk management in information technology", Management Decision,

Abstract:
The use of information technology (IT) in organizations is subject to various kinds of potential risks. Explores the environment of IT in organizations, identifies the probable threats, and proposes a framework for integrated risk management. The risk management process has four major components -- risk identification, risk analysis, risk-reducing measures, and risk monitoring. The framework can be used to guide organizations in reducing the losses resulting from the realization of threats to IT use Risk management should include a proper path way to identify, measure and control risk or any change in the environment by following specific steps of risk management. 1- Identify critical and non critical risks. 2- Document each risk in depth by completing risk forms. 3- Take action to reduce the like hood of risks occurring.

The effectiveness of risk management: measuring what didnt happen

John F. McGrew, John G. Bilotta, (2000) "The effectiveness of risk management: measuring what didnt happen", Management Decision

Abstract:
Two of the most common reasons for not implementing a risk management program are cost and benefit. This paper focuses on whether the benefits of intervention can be shown to justify the costs. A confounding factor is that the acts of intervention during a risk management program may alter the outcome in ways we cannot separate and therefore cannot cost out. A second confounding factor is response bias the tendency of individuals consistently to underestimate or overestimate risk, resulting in interventions that may be ineffective or excessively wasteful. The authors demonstrate that signal detection theory (SDT) can be used to analyze data collected during a risk management program to disambiguate the confounding effects of intervention and response bias. SDT can produce an unbiased estimate of percent correct for a risk management program. Furthermore, this unbiased estimator allows comparison of results from one program to another.

10

Risk Management Risk management is not about avoiding risks altogether. It is about facing risks deliberately and systematically, avoiding unnecessary risk and carefully manages the risks that you have decided to take. The more risks are controlled, the more confident organizations are in retaining them. Retaining them may mean an improve probability of making better returns for your investment.

Future trends and challenges of financial risk management in the digital economy
Steven Li, (2003) "Future trends and challenges of financial risk management in the digital economy"

Abstract:
In this paper, the future trends and challenges of financial risk management are considered. First, the historical developments and current status of financial risk management are assessed. Then, key features of the financial industry in the digital economy are discussed. It is argued that the technology innovations, particularly in computing and telecommunication, will continue to have an important influence on the future development of financial risk management. Based the past and present of financial risk management as well as the general trends in the financial industry, some future trends and challenges of financial risk management in the digital economy are discussed. Finally, some implications for financial institutions, corporations and emerging economies are given. Financial risks arises through countless transactions of a financial nature, including sales and purchases, investment and loans and various other business activities, financial risks can be managed by the increased technological innovations in the digital economy.

11

Risk Management

Embedding risk management: structures and approaches

Ian Fraser, William Henry, (2007) "Embedding risk management: structures and approaches"

Abstract:
Purpose The paper aims to report research into ways by which companies identify risks and embed risk management and control procedures and also to report on interactions between internal audit and audit committees and their contributions to risk management. Design/methodology/approach The first section of the paper comprises a review of the literature on risk management and the roles played by internal audit and audit committees. The paper then reports the results of a series of interviews with officers in UK plcs and external auditors on the issues identified from the literature. Findings There was agreement that, while parent boards have ultimate responsibility, the ownership of risks must reside with management at lower levels. Companies tended to adopt a multi-procedural approach to developing consistent risk management procedures. Internal auditors were believed to have a role to play but concerns were expressed about expertise and independence. The paper recommends a split of the internal audit and risk management functions to preserve internal audit independence and clarify internal audit roles. Audit committees are increasingly involved in risk management but there are doubts as to whether they have the time and expertise to undertake more than high level risk reviews. The paper, therefore, recommends that separate risk committees should be established to direct risk management, with audit committees adopting a watching brief over the process. Originality/value The Turnbull Report emerged against a background of growing demand for assurance on risk management and control effectiveness and the approach adopted has been endorsed by the Turnbull Review Group. This paper is a timely evaluation of the work being done by UK plcs in this area and indicates that there are issues to be resolved before risk management is fully embedded in company operations. Risk management has to the embedded in business processes to ensure that it is being practices and made part of the culture of the organization. The embedding should cover all areas of management from strategic to operational level. Processes at all levels of an organization strategic, technological and operational needs to embed risk management. The embedding should from the design to implementation.

12

Risk Management

Risk management: finding the value within

Vicky Kubitscheck, (2000) "Risk management: finding the value within"

Abstract:
Wonders why there is so much excitement about risk management? States, whatever the reason that organizations may lose out if they do not use the real value within the regulatory requirements (Turnbull/Combined Code). Posits that the effectiveness of risk management depends wholly on the skills, knowledge and commitment of those applying them. Concludes that if a reporting process is linked into the management process it will sustain proactive risk management enabling an organization to find the value enclosed. A business focus, understanding that risks are part of running a business and you neither cannot should eliminate them. If you eliminate risk, you eliminate the businesses. Risk Management is about how you deal with uncertainty taking advantage of opportunities and limiting downsizes exposure deliberately and with knowledge of what you are doing.

A risk management model to assess safety and reliability risks

V.M. Rao Tummala, Y.H. Leung, (1996) "A risk management model to assess safety and reliability risks"

Abstract:
Evaluating project proposals with respect to safety and reliability objectives is extremely complex. Several tangible as well as intangible factors need to be considered. Also, most often these factors are difficult to measure objectively because of their nature and the lack of factual data and information. In addition, they involve uncertainties and risk. The project managers need to enumerate systematically all potential risk factors affecting the safety and reliability objectives of the project, determine the consequences and the impact of their severity, assess the likelihood of the occurrence of these consequences, and select the best course of action to contain and control risks in order to meet the specified project objectives. Develops such a framework by integrating system hazard analysis with the core elements of the risk management process (RMP) to assess potential risks and to evaluate response actions to control and manage the identified risks to satisfy the predetermined safety and reliability objectives. Managers need to consider many internal or external factors, many vague or unclear factors. This is complex step as there could be no factual data available to evaluate or even detect the risks. 13

Risk Management In this regard Data Risk Management (DRM) is useful. Managers should undertake following framework for data risk management: 1: data classification to locate sensitive data. 2: value reliability assessment to discover systems weaknesses. 3: user right management to identify and remediate internal risks.

Effective risk management outcomes: exploring effects of innovation and capital structure
Torben Juul Andersen, (2009) "Effective risk management outcomes: exploring effects of innovation and capital structure", Abstract: Purpose The purpose of this paper is to argue that strategic responsiveness is of paramount importance for effective risk management outcomes and to introduce an empirical study to demonstrate this. Design/methodology/approach Real options logic is adopted to explain how effective risk management capabilities improve performance and how innovation and financial slack enhance this effect. The propositions are examined across 896 companies using twostage least square regressions. Findings The study reveals that risk management effectiveness combines both the ability to exploit opportunities and avoid adverse economic impacts, and has a significant positive relationship to performance. This effect is moderated favorably by investment in innovation and lower financial leverage. Research limitations/implications The analysis is based on a sample of large firms, which may affect the generalizability of results. Nonetheless, the study shows that effective risk management capabilities differentiate the firms and determine success and failure. It further underscores the importance of combined innovation policy and capital structure decisions as firms deal effectively with risk and uncertainty. Practical implications The findings indicate that corporate management must consider commitments for innovation and financial slack to enhance positive risk management effects. This result is in dire contrast to traditional beliefs that tighter resource management and higher financial leverage lead to better economies. Originality/value This is one of few studies to explicitly consider strategic responsiveness as instrumental for effective risk management outcomes while investigating the economic effects associated with the ability to combine generation of upside gains and downside loss avoidance. The goal of risk management is to create an approach which is structured when its comes to handling uncertainty especially those which are related to threats. Effective risk management plan must be comprised for no. of important things, 14

Risk Management and these risks include risk assessment, along with strategies that are designed to migrate risk. Much of this will be done through the usages or managerial tools.

Top management team, international risk management factor and firm performance
William C. Auden, Joshua D. Shackman, Marina H. Onken, (2006) "Top management team, international risk management factor and firm performance

Abstract:
Purpose The paper seeks to address four key Top Management Team (TMT) demographic characteristics in their relationship with firm performance: age, functional background, educational field, and team tenure. The study extends research on the TMT by explicitly introducing team performance as a new context measured in the form of International Risk Management Factor, in addition to demographic characteristic effects. International Risk Management Factor is developed based on multiple international risks trading off theory. In order to calculate that factor International Risk Management Index is introduced. Design/methodology/approach In the paper a sample of 212 firms was used, including 4,009 executives; also four hypotheses were tested. The hypotheses were tested using multiple regression analysis. Findings The findings in this paper support the proposition that top management team is an appropriate unit of study, due to its impact on firm performance. The results indicate that there is a significant correlation between TMT demographic characteristics and firm performance. This study concluded that three of the proposed four TMT demographic characteristics, including age, functional background, and team tenure influence firm performance. Results validate the proposition that TMT demographic characteristics show a significant positive correlation with firm performance, particularly when the accounting measure is applied. In addition, Top Management Team performance was positively correlated to team tenure, suggesting that as team tenure progresses team performance improves. Originality/value The paper differs in many features from previous research. Some of the most important aspects include scope of the study, scale of the sample, complexity of the moderated variable, uniqueness of moderated variable operationalization, and innovation in calculating International Risk Management Factor. For the first time, the study focuses exclusively on Top Management Team performance. The concept, which captures complexity of all TMT characteristics, is not included in demographic characteristics of TMT One of most common international risk management factor is team performance, which can generate opportunity or threat for a company. Team tenure is a factor

15

Risk Management responsible to control team performance. As team performance increases, ability to systematically manage risk do increases too.

The management of translation exchange rate risk in multinational companies: A note

Dr Alpa Dhanani, (2001) "The management of translation exchange rate risk in multinational companies: A note"

Abstract:
According to academics, the translation form of exchange rate risk does not affect the market value of a firm and as a result should not be managed by corporate managers. Research to date, however, suggests that many multinational companies (MNCs) actively monitor and manage their translation exchange risk. Thus, either corporate management fail to understand the irrelevant nature of this risk or there are other factors that need to be considered. This paper extends the current literature by examining these issues; in particular, it examines whether MNCs continue to manage their translation exchange rate risk and if so what their reasons are for the specific practices. Results suggest that the gearing ratio, itself a measure of risk, is largely responsible for the management of the translation process. Further, some companies seek to manage their profit and loss translation exchange risk, a risk resulting from the impact of the translation process on the profit and loss account. Preferred management strategies include the currency denomination of debt and use of financial instruments such as forward contracts. Capital market imperfections reflected in binding loan covenants, agency theory problems and the assumption of inefficient market behaviour explain the observed corporate management behaviour. The main exchange rate risk to an operation or investment is that any profits realized will be partially reduced or wiped out together, when they are exchanging for the domestic currency.

A business approach to effective information technology risk analysis

16

Risk Management

and management
Sharon Halliday, Karin Badenhorst, Rossouw von Solms, (1996) "A business approach to effective information technology risk analysis and management",

Abstract:
Suggests that a number of difficulties are experienced by organizations using conventional risk analysis and management. Conventional refers to those methodologies which are based on the traditional asset/threat/vulnerability model. Identifies a need for an approach that is more suitable for smaller organizations, as well as organizations requiring a quicker, more simplified and less resource-intensive approach. In light of this requirement, proposes an alternative approach to effective information technology (IT) risk analysis and management. This approach has a business-oriented focus from an IT perspective. I.T risk analysis can perform better and quicker the conventional methods used to detect and measure risk. While I.T risk analysis and management are very quicker and provides organization with reliable information to detect, measure and control risk. Multinational Companies use I.T risk analysis to detect and monitor internal and external risks.

Supply chain risk management

Peter Finch, (2004) "Supply chain risk management",

Abstract:
This article presents a secondary analysis of the literature, supplemented by case studies to determine if large companies increase their exposure to risk by having small- and medium-size enterprises (SMEs) as partners in business critical positions in the supply chain, and to make recommendations concerning best practice. A framework defining the information systems (IS) environment is used to structure the review. The review found that large companies exposure to risk appeared to be increased by inter-organisational networking. Having SMEs as partners in the supply chain further increased the risk exposure. SMEs increased their own exposure to risk by becoming partners in a supply chain. These findings indicate the importance of undertaking risk assessments and considering the need for business continuity planning when a company is exposed to inter-organisational networking.

17

Risk Management Supply chain risk management is a discipile of risk management which attempts to identify potential disruptions to continued manufacturing production and thereby commercial financial exposure. SCRM attempts to reduce supply chain vulnerability via a co-ordinate holistic approach, involving all supply chain stake holders, which identifies and analysis the risk of failure points within the supply chain.

Risk management and the medical profession

Margaret ODonovan, (1997) "Risk management and the medical profession"

Abstract:
Explores the need for risk management in a health care setting in both financial and personal terms. Sets out the stages of a risk management programme. Stresses the need to incorporate such a programme in every hospital setting in order to reduce negligence claims so that scarce resources can be directed more towards patient care. The identification, analysis and control of risks support the assets, good name and earning capacity of a hospital. Risk Management Programme consists of both proactive and reactive components. Proactive components include activities to prevent adverse occurrences and a reactive component includes actions in response to adverse occurrence. The process of risk management e.g. 1: diagnosis 2: assessment 3: prognosis 4: management. If properly applied can be very beneficial for healthcare. As the risks minimize the earning capacity and good will of hospital enhancing.

Risk of outsourcing applying risk management techniques to staffing

18

Risk Management

methods
Jane Marie Downey, (1995) "Risk of outsourcing applying risk management techniques to staffing methods"

Abstract:
Advances the idea that many companies are trying not to hire permanent employees, but instead are hiring temporary workers to reduce costs. By having temporary workers, however, new risks are assumed in terms of facility management. Analyses employee leasing, contracting, temporary agencies, consultants and professional services, and explains the need to hold harmless agreements for vendors and workers. Out sourcing generate many risks. Risk bases supervision indicates that an institution cannot avoid the risk of an important activity by having someone else do the job. The institution retains responsibility for the activity, no matter where it may be handled and as such it needs to understand the risk characteristics of the out sourced provider and monitor them.

Risk management in Nepal: organisations and programmes

Meen B. Poudyal Chhetri, (2003) "Risk management in Nepal: organisations and programmes",

Abstract:
Nepal is one of the most natural disaster prone countries in the world. Variable climatic conditions and active tectonic processes have made her vulnerable to various types of natural disasters. In addition, other man-made factors such as unplanned settlement, lack of public awareness, increasing population, weak economic condition and low literacy rate have also made her vulnerable to various types of natural disasters. With these factors in view, advanced technology and sufficient resources are really needed to mitigate natural disasters in Nepal. Moreover, various types of training and other educational programmes are highly needed to raise disaster awareness among the vulnerable population. Hazard mapping, vulnerability assessment and risk analysis are to be developed. Being a developing and agriculture based country insurance has not yet been widely developed in Nepal except in some big establishments and households. Therefore, the role of insurance has to be recognised in the risk management in Nepal. The Department of Disaster Management in the Ministry of Home Affairs is the focal agency for disaster management in Nepal, which formulates national disaster management 19

Risk Management policies and implements them. The preparedness and mitigation, immediate rescue and relief work, data collection and dissemination, and the mobilisation of funds and resources are the main responsibilities of the Department. Despite various problems, the Department is gradually moving forward to improve the disaster management situation in Nepal. Being a developing country Nepal needs support from international communities and friendly nations to strengthen her capabilities for disaster mitigation programs. Nepal is a hotspot for geophysical and climate hazards. The country is relatively ranked very high in terms of vulnerability to natural climate. The risk is increasing very rapidly mainly due to the growth in population. Another major factor for the increasing risk is the lack of favorable policy and legal environment commensurate with the present day situation, needs, opportunities and resource availability.

Strategically managing risk in the information age: a holistic approach

Eric G. Olson, (2005) "Strategically managing risk in the information age: a holistic approach",

Abstract:
Purpose Business leaders can apply key messages as early as today to build stronger operations that are less susceptible to risks of all types. Findings can be applied at all levels in any organization, from the entire enterprise down to discreet projects. The article emphasizes that today's strategic change initiatives should all consider their impact on holistically developed risk management strategies. Approach Hypotheses are explained, developed, and supported by a number of actual cases across several diverse industries. Case studies that illustrate both success and failure are explored. Once the hypotheses are developed and supported with specific cases, the findings are generalized and a series of well-developed industry accepted practices for resolving the key issues are articulated. Findings The way a business approaches risk management in today's digital age can make the difference between success and failure. Risk management strategies should be developed with holistic, broad views of business operations, and tailored to accommodate the different types of exposure specific to an individual business or operation. Originality/value This article illustrates the importance of having holistic, welldeveloped risk strategies with real-world cases and industry-accepted practices. Where information-age risk management strategies were employed, companies succeeded. Other cases were not so fortunate. One especially counter-intuitive notion is that businesses have traditionally developed external alliance networks to reduce risk and create differentiated business models that lock-in customers and lock-out competition. However, 20

Risk Management as many businesses are experiencing, integrating alliance partners into otherwise low-risk value chains actually introduces new risks that have been largely ignored until recent years. To minimize risks or failure, holistic approach is required for any business. All changes that can occur in future must be identified before it gives any harm to business. People who engage in managing risk should holistically take the reviews of operational, technical, middle and top management because technical and operational staff does engage more in day to day activities of business and hence know very much about the changes that can influence the business

Management of risks in information technology projects

David Baccarini, Geoff Salm, Peter E.D. Love, (2004) Management of risks in information technology projects,

Abstract:
Information technology (IT) projects are renowned for their high failure rate. Risk management is an essential process for the successful delivery of IT projects. In-depth interviews with IT professionals from leading firms in Western Australia were undertaken to determine how IT risks were managed in their projects. The respondents ranked 27 IT risks in terms of likelihood and consequences to identify the most important risks. The top five risks, in order, were: personnel shortfalls; unreasonable project schedule and budget; unrealistic expectations; incomplete requirements; and diminished window of opportunity due to late delivery of software. The respondents overwhelmingly applied the treatment strategy of risk reduction to manage these risks. Furthermore, these strategies were primarily project management processes, rather than technical processes. This demonstrates that project management is a risk management strategy. Scope, quality management, and human resource management were solutions applied to several risks. In particular, managing stakeholders expectations is a specific risk treatment that helps to manage several key IT risks. Amongst top risk in I.T projects are unrealistic expectations and unreasonable budget and schedule. To manage there risk quality management and proper HR management is necessary.

21

Risk Management

Process or behaviour: which is the risk and which is to be managed?

Jyoti Navare, (2003) "Process or behaviour: which is the risk and which is to be managed?"

Abstract:
Based on the belief that it is behaviour which constitutes risk rather than procedures, the paper focuses on the awareness of behavioural aspects in risk management techniques and the consequences that arise out of this awareness. It questions the traditional thinking that risk management is predominantly a set of procedures in the control of risk. The paper also considers the part played by public policy in managing risk and changing behaviour. The paper concludes that it is behaviour, and not the set of procedures, which is the risky factor; therefore in risk management there is need to focus on developing human behaviour that is capable of being flexible in an event. To consider every change a threat, can be dangerous for a business. As every change is not an opportunity so as every change is not a threat as well. Managers behavior towards any project is a risk factor. He should evaluate the change systematically and reach accordingly to that opportunity and threat.

22

Risk Management

RISK MANAGEMANT
In todays world only those managers are considered successful who avoid the any negative financial impacts on operational productivity or profits. Sheila Robinson, (1987). Project managers typically classify risk as either threats or opportunity. The practice of risk management focuses on reducing the probability and impact of a threat while increasing the probability and impact of probability. Angel, (1999). In many cases risk managers are brought onto discuss financial process because they have the ability and training to determine what potential losses and gains can occur from any given process or financial changes. Sheila Robinson, Judith Robertson, (1987). Risk identification is a basic stage in risk management. Risk management begins at the earliest stage of a project and continuous throughout the project life cycle. Organization should anticipate project risk and implement the necessary controls before risk become insurmountable. Lubka Tchankova, (2002). In construction risk management involves the formulation of a plan in order to systematically identify, measure and monitor risk e.g. risk should be identified and managed when purchase of goods from supplier occur in the construction business. It is extremely useful to take a structured approach to this by creating a simple risk management strategy and reviewing it regularly and creating, maintaining, and updating a risk log as risk changes. Anthony Mills, (2001). We need to be holistic when managing risks and thats what system thinking do for us. If organization becomes better at system thinking, it will be more successful at managing external and internal risks, because system thinking views risks as part of an overall system, rather then reacting to specific part. Diana White, (1995). Project managers often skip the risk management process because the sponsor wants them to start quickly without wasting time on paper work like risk management, but it,s consequences can be very dangerous. Project managers should undertake a simple risk assessment process, investing as little as an hour and possible saving days of lost time. Elemar Kutsch, (2008). Health care industries do need to focus on risk management too. Factors and policies influencing health care system are point of consideration for health care industry. Only through the competent management of risks and human resources can health care department protect profits in todays tough business climate. Clinical governance should provide services proactively that minimize the risk of losses and return on human capital. The process of risk management .e.g. 1- diagnosis 2-assesmant 3-prognosis 4management, if properly applied can be very beneficial for health care. As the risk 23

Risk Management minimizes the earning capacity of hospital enhances. Anne Harris, (2002) Margaret O Donovan, (1997). In IT department risk management is as necessary as the existence of technology in it. IT department should include a proper pathway to identify measure and control risks or any change in the environment. This can be done by following specific steps. 1- Identify critical and non critical risks, 2- document each risk in depth by completing risk forms, 3take action to reduce the likelihood of risks occurring. IT risk analysis can perform better and quicker then the conventional methods used to detect and measure risks. Conventional methods are time taking and no more reliable now in such a advanced world. Amongst top risk in IT projects are unrealistic expectations and un reasonable budget and schedule. To manage these, quality management and proper HR management is necessary. Kakoli Bandyopadhyay, Peter P. M ykytyn, Kathleen Mykytyn, (1999). Sharon Halliday, Karin Badenhorest, (1996). David Baccarini, (2004). Financial risks are now very important risks to consider, financial risks arise through countless transaction of a financial nature including sales and purchase, investments and loans and various other business activities. Financial risks can arise from three main sources. 1- exposure to change 2- arising from transactions with other organizations 3resulting from internal actions. . Financial risks can be managed by the increased technological innovations in the digital economy. Steven Li, (2003). Risk management has to be embedded in business processes to ensure that it is being practiced and made part of the culture of the organization. The embedding should cover all areas of management from strategic to operational level. Where risk management is embedded, risk management becomes intrinsic part of business planning and decision making. There is no direction taken without looking at potential risk and comparing them against the organizational risk appetite. Processes at all level of an organization: strategic tactical and operational needs to embed risk management the embedding should from the design to implementation. Ian Fraser, William Henry, (2007). A business focus, understanding that risks are part of running a business and you neither can nor should eliminate them. If you eliminate risk, you should eliminate the business. Risk management is about how you deal with uncertainty, taking advantage of opportunities and limiting downsize exposure deliberately and with knowledge of what you are doing Risk management can be effectively done by the proper use of skill and knowledge of those people who are working on it. Vicky Kubitscheek, (2002). Managers need to consider many internal and external factors, many vague and unclear factors. This is complex step as there could be no factual data available to evaluate or even detect the risk. In this regard data risk management (DRM) is useful. Managers can follow risk management process to discover and mitigate risks and weaknesses. V.M.Rao Tummala, (1996).

24

Risk Management The goal of risk manager is to essentially decrease the various risks which are associated with reaching any specific goal. Treats can come in a wide variety of different forms and some of them include: threats involving the environment, humans, technology, and politics. Your risk management strategy may not be effective if you use the wrong plan. Effective risk management plan must be comprised of a number of important things, and these things includes risk assessment along with strategies that a designed to mitigate risk. Much of this can be done through the usage of managerial tools. Torben Juul Andersen, (2009). One of most common international risk management factor is team performance, which can generate opportunity or threat for a company. Team tenure is a factor responsible to control team performance. As team performance increases, ability to systematically manage risk do increases too. William C. Auden, Joshua D Shack man, Marina H.Onken, (2006). The main exchange rate risk to an operation or investment is that any profits realized will be partially reduced or wiped out together, when they are exchanging for the domestic currency. A simple way to avoid the risk posed by exchange rate: dont go business abroad, defenses against exchange rate risk is almost as unrealistic: conduct all business in your home currency. To avoid these types of risk, proper identification and quantification of both risk and cost become prerequisites. Dr Alpha Dhanani, (2001). Supply chain risk management is a discipile of risk management which attempts to identify potential disruptions to continued manufacturing production and thereby commercial financial exposure. SCRM attempts to reduce supply chain vulnerability via a co-ordinate holistic approach, involving all supply chain stake holders, which identifies and analysis the risk of failure points within the supply chain. So risk management identifies its own need in this discipline too. Peter Finch, (2004). Viewing in the context of outsourcing risk management place its another major role in this concept too. Out sourcing generate many risks. Risk bases supervision indicates that an institution cannot avoid the risk of an important activity by having someone else do the job. The institution retains responsibility for the activity, no matter where it may be handled and as such it needs to understand the risk characteristics of the out sourced provider and monitor them. Jane Marie Downey, (1995). Nepal is a hotspot for geophysical and climate hazards. The country is relatively ranked very high in terms of vulnerability to natural climate. The risk is increasing very rapidly mainly due to the growth in population. Another major factor for the increasing risk is the lack of favorable policy and legal environment commensurate with the present day situation, needs, opportunities and resource availability. Meen B. Poudyal Chhetri, (2003).

25

Risk Management So to minimize risks or failure, holistic approach is required for any business. All changes that can occur in future must be identified before it gives any harm to business. People who engage in managing risk should holistically take the reviews of operational, technical, middle and top management because technical and operational staff does engage more in day to day activities of business and hence know very much about the changes that can influence the business. Eric G. Olson, (2005) W e should remember this thing in mind that to consider every change a threat, can be dangerous for a business. As every change is not an opportunity so as every change is not a threat as well. Managers behavior towards any project is a risk factor. He should evaluate the change systematically and reach accordingly to that opportunity and threat. Jyoti Navare, (2003) This thing should be in a managers mind that 0risk management is not about avoiding risks altogether. It is about facing risks deliberately and systematically, avoiding unnecessary risk and carefully manage the risks that you have decided to take. The more risks are controlled, the more confident organizations are in retaining them. Retaining them may mean an improve probability of making better returns for your investment. John F. McGrew, John G. Bilotta, (2000)

26

Risk Management

REFERNCES
01: Sheila Robinson, Judith Robertson, (1987) "Risk management", Facilities, Vol. 5 Iss: 10, pp.14 14 Article type: General review Publisher: MCB UP Ltd 02: Lubka Tchankova, (2002) "Risk identification basic stage in risk management", Environmental Management and Health, Vol. 13 Iss: 3, pp.290 297 Article type: General review Publisher: MCB UP Ltd 03: Angel Egbuji, (1999) "Risk management of organisational records", Records Management Journal, Vol. 9 Iss: 2, pp.93 116 Article type: Research paper Publisher: MCB UP Ltd 04: Anthony Mills, (2001) "A systematic approach to risk management for construction", Structural Survey, Vol. 19 Iss: 5, pp.245 252 Article type: General review Publisher: MCB UP Ltd 05: Diana White, (1995) "Application of systems thinking to risk management:: a review of the literature", Management Decision, Vol. 33 Iss: 10, pp.35 45 Article type: Literature review Publisher: MCB UP Ltd 06: Kenneth W. Hollman, Jack E. Forrest, (1991) "Risk Management in a Service Business", International Journal of Service Industry Management, Vol. 2 Iss: 2, pp.49 65 Publisher: MCB UP Ltd 07: Elmar Kutsch, (2008) "The effect of intervening conditions on the management of project risk", International Journal of Managing Projects in Business, Vol. 1 Iss: 4, pp.602 610 Article type: Research paper Publisher: Emerald Group Publishing Limited 27

Risk Management

08: Anne Harris, (2000) "Risk management in practice: how are we managing?", British Journal of Clinical Governance, Vol. 5 Iss: 3, pp.142 149 Article type: Research paper Publisher: MCB UP Ltd 09: Kakoli Bandyopadhyay, Peter P. Mykytyn, Kathleen Mykytyn, (1999) "A framework for integrated risk management in information technology", Management Decision, Vol. 37 Iss: 5, pp.437 445 Article type: Research paper Publisher: MCB UP Ltd 10: John F. McGrew, John G. Bilotta, (2000) "The effectiveness of risk management: measuring what didnt happen", Management Decision, Vol. 38 Iss: 4, pp.293 - 301 Article type: Conceptual Paper Publisher: MCB UP Ltd 11: Steven Li, (2003) "Future trends and challenges of financial risk management in the digital economy", Managerial Finance, Vol. 29 Iss: 5/6, pp.111 125 Article type: Research paper Publisher: MCB UP Ltd 12: Ian Fraser, William Henry, (2007) "Embedding risk management: structures and approaches", Managerial Auditing Journal, Vol. 22 Iss: 4, pp.392 409 Article type: Research paper Publisher: Emerald Group Publishing Limited 13: Vicky Kubitscheck, (2000) "Risk management: finding the value within", Balance Sheet, Vol. 8 Iss: 5, pp.38 - 41 Article type: General review Publisher: MCB UP Ltd 14: V.M. Rao Tummala, Y.H. Leung, (1996) "A risk management model to assess safety and reliability risks", International Journal of Quality & Reliability Management, Vol. 13 Iss: 8, pp.53 - 62 Article type: Research paper Publisher: MCB UP Ltd 15:

28

Risk Management Torben Juul Andersen, (2009) "Effective risk management outcomes: exploring effects of innovation and capital structure", Journal of Strategy and Management, Vol. 2 Iss: 4, pp.352 - 379 Article type: Research paper Publisher: Emerald Group Publishing Limited 16: William C. Auden, Joshua D. Shackman, Marina H. Onken, (2006) "Top management team, international risk management factor and firm performance", Team Performance Management, Vol. 12 Iss: 7/8, pp.209 224 Article type: Research paper Publisher: Emerald Group Publishing Limited 17: Dr Alpa Dhanani, (2001) "The management of translation exchange rate risk in multinational companies: A note", Journal of Applied Accounting Research, Vol. 6 Iss: 2, pp.30 54 Article type: Research paper Publisher: MCB UP Ltd 18: Sharon Halliday, Karin Badenhorst, Rossouw von Solms, (1996) "A business approach to effective information technology risk analysis and management", Information Management & Computer Security, Vol. 4 Iss: 1, pp.19 31 Article type: Conceptual Paper paper Publisher: MCB UP Ltd 19: Peter Finch, (2004) "Supply chain risk management", Supply Chain Management: An International Journal, Vol. 9 Iss: 2, pp.183 196 Article type: Case study Publisher: Emerald Group Publishing Limited 20: Margaret ODonovan, (1997) "Risk management and the medical profession", Journal of Management Development, Vol. 16 Iss: 2, pp.125 133 Article type: Research paper Publisher: MCB UP Ltd 21: Jane Marie Downey, (1995) "Risk of outsourcing applying risk management techniques to staffing methods", Facilities, Vol. 13 Iss: 9/10, pp.38 44 Article type: Literature review Publisher: MCB UP Ltd 22: Meen B. Poudyal Chhetri, (2003) "Risk management in Nepal: organisations and programmes", Managerial Finance, Vol. 29 Iss: 5/6, pp.20 35 29

Risk Management Article type: Technical paper Publisher: MCB UP Ltd 23: Eric G. Olson, (2005) "Strategically managing risk in the information age: a holistic approach", Journal of Business Strategy, Vol. 26 Iss: 6, pp.45 54 Article type: General review Publisher: Emerald Group Publishing Limited 24: David Baccarini, Geoff Salm, Peter E.D. Love, (2004) "Management of risks in information technology projects", Industrial Management & Data Systems, Vol. 104 Iss: 4, pp.286 295 Article type: Research paper Publisher: Emerald Group Publishing Limited 25: Jyoti Navare, (2003) "Process or behaviour: which is the risk and which is to be managed?", Managerial Finance, Vol. 29 Iss: 5/6, pp.6 19 Article type: Conceptual Paper Publisher: Emerald Group Publishing Limited

30

Risk Management

31