Risk Management Certification: Becoming A Risk Manager

A risk management certification is a great example of a rewarding and useful business accreditation that is achievable by any individual with sufficient academic training and work experience. These certificates are conferred by a variety of different oversight associations that monitor the risk management industry, and work with professionals and academics to move the industry forward.

Earning a certificate in this area can lead to a variety of different and rewarding careers. Each of these diverse paths represents a unique and exciting opportunity to realize an increased feeling of prestige and sphere of responsibility within the workplace, as well as earn a greater level of income. One example of a career in this area includes becoming a business management consultant that specializes in risk identification, analysis, and mitigation. However, the majority of individuals who obtain a risk certificate become internal risk analysts or risk managers within a specific organization

When an individual completes a certificate in risk, they are exposed to a broad, skill-based management training curriculum. This certification training prepares the individual to become a competent, resourceful, and contributing member of an organizations management team. A certified risk manager is trained how to identify the unique business risks the organization is exposed to, how to analyze both the risks themselves and the factors that drive their occurrence, how to quantify both the probability that these risks occur as well as their impact should they occur, how to prioritize the risks and devote appropriate resources to their mitigation, and how to monitor the organizations operation to predict when risks may occur.

A successful manager of risk must not only understand the ins and outs of risk identification and risk assessment, but must also possess an understanding of resource management and also be an effective communicator. This manager must be able to prioritize the risks the company is exposed to, and focus resources both efficiently and effectively on the mitigation of the most threatening risks.

Some other roles and responsibilities of a typical risk manager include;

Within some organizations a manager of risk is charged with overseeing the company’s compliance with government regulation, legal code, or industry specification.

This manager can either me a member of a risk oversight team, or be charged with overseeing the team itself. This team is responsible for conducting the day-to-day processes of risk management, and working with representatives of senior management to guide risk-mitigated decision making.

Adapting, developing, implementing, monitoring an organizational risk identification and monitoring policy that outlines and codifies the organizations approach to operational hazards.

Many organizations, especially larger company’s with expansive operations, have a top-level risk oversight position, such as a Chief Risk Officer. This C-suite level position is responsible for the overall effective and efficient governance of the organizations business risks, and reports to the company’s executive committee or its Board of Directors. Any individual that is interested in reaching this exciting, rewarding, and prestigious executive position would be very well served to earn a risk management certification.

The Paradox of a Predictable Failure in Risk Management

The current crisis the world fell into two years ago had certainly the widest range of qualifying attributes: financial, economic, social, industrial, and maybe lethal as it dramatically affected and eventually destroyed lives beyond the point of no return. Described by contemporary economists as the worst ever crisis experienced by America for a hundred years, it was however another repetition of what seems to be a cyclical phenomenon: the 1929 crisis, the energy crisis in 1973, that of 1997, and more recently the internet bubble. And despite the lessons learnt from the past, with the technology evolving exponentially and the refined risk management, societies, corporations, institutions, and governments failed yet again by not having the right controls at the right time, substantially creating spiraling consequences that took investors and the wider public by surprise. The causes of the 2008 crisis raised numerous questions, some of them leading to the foundations of today’s capitalism and one of the common sins of humans: greed. Nevertheless, one could have hoped that, with the dynamic of industrial countries and the norms of audit and compliance such as those of Basel II and III, in which operational risk and credit risk are separated, the international financial system would be protected against the collapse of the bank sector. But this was without counting on the intrinsic failures of these very norms, standards and risk management tools.

As a matter of fact, the crisis finds its roots in a simplified scheme: the lack of accountability, mortgages and default on large amounts of money against little income, and finally the liquidity for which the same institutions failed to have sufficient capitalization to cover immediate large needs when the whole system started to present default cracks. The problem of sufficient capitalization became a recent issue with the rise in the prices of commodities, whereas speculators can highly leverage their buying power without offering a real financial counterpart in exchange. And that’s certainly why French President Sarkozy recently called for more regulations on commodity markets. However, progresses in that sense are yet to be commonly agreed or applied by governments and leaders of industrial countries.

Overall, today it is the review or maybe the prosecution of an entire system that is taking place. Questions and concerns from governments, investors, officials, and ultimately the public have found few relevant answers so far. The lack of accountability and transparency from the protagonists directly or indirectly involved in the crisis has raised anger and consternation worldwide. The cynicism displayed by bankers and financial institutions who announced remarkable profits for the last quarter of 2010 may be perceived as a new alarm bell ringing for another major financial crisis yet to come.

This paper presents some of the key issues the financial crisis brought into light in terms of risk management and lack of control from corporations, banks, auditors, credit agencies, and governments. It does not aim to provide a solution but rather gives the reader a fair understanding of what could have been avoided or improved and what may come again should the global financial modus operandi not be drastically changed.

Analysis of the Financial Crisis

An article published in the International Business Time, Financial Risk Management: Lessons from the Current Crisis… So Far, ideally summarizes thesubstantial work that has been done to date to analyze the recent economic crisis and cites examples such as: “Enhancing market and institutional resilience (Financial Stability Forum); Credit risk transfer (Working Group on Risk Assessment and Capital); Observations on risk management practices during the recent market turbulence (Senior Supervisors Group); Supervisory lessons from the sub-prime mortgage crisis (Basel Committee on Bank Supervision); Study of market best practices (International Institute of Finance), and; Risk management practices including the identification of risk management challenges and failures, lessons learned and policy considerations (International Monetary Financial Committee).”

Todd Groome, adviser in the monetary and capital markets department of the International Monetary Fund (IMF) interviewed by the same magazine, asserted that “the epicenter of the market crisis was sub-prime mortgages and structured credit products. With them came innovative financing, such as asset backed security CDOs (Collateralized Deposit Obligations) which were followed by more potent variations such as CDO-squares (baskets of CDOs), and synthetic CDOs (CDOs combined with credit default swaps).” Risks were often under-estimated partly due to product complexity and over-reliance on quantitative analysis, including that done by rating agencies which produced reports that were either wrong or purposely misleading. As Groome pointed out, “taking write-downs in illiquid markets will amplify the loss.”

The downfall in housing prices impacted market downfalls. As such, creation or destruction of wealth often relates to consumer spending and as such may be uncertain. Meanwhile, the direction is quite similar. If one goes down, the other tends to follow. Negative trend implies negative trend. Nevertheless, weak risk management isn’t the only reason. Banks and financial institutions regularly rely on data related to a particular period. However, economies can also experience a non-recurring event when the economy moves into unknown or grey areas.

On another plane, bad risk management still played a role. The problem is that despite the fact the models given in a particular circumstance may have been correct pretty much everyone who has them will use them, all at the same time. This phenomenon tends to increase systemic risk and as such it relates to technical market analysis. Indeed, if there is a consensus amongst users over a specific event, say a bullish trend, everyone is likely to follow that trend and buy at the same time, thus creating a momentum. But for how long will this last?

Cracks in Risk Management and Regulation Opacity

The recent crisis also highlighted a failure in risk management on a large scale, due to a failure of the techniques employed, and the fact that some of the risk managers were not well informed. The home market in the U.S. was the nest in which everything began. Low interest rates and government promoting home ownership by with no or little regulations played a role in the increasing demand for home purchases. Underwriters passed questionable loans over highly leveraged investors in order to create even more loans, fueling a spiral of non-recoverable dirty assets.

What is flagrant today, looking back at the whole process, is the fact that the risk assessment tools used by some investors, despite their sophistication, did not give a realistic picture of what was happening. In other words, although they were certainly giving sufficient information on the potential risks that lending huge amounts of money to low income individuals would create, the likelihood of such risk spreading to a rather large population was totally dismissed by the whole chain of command. Modeling rare events is certainly what the error is all about and not taking them into consideration was the effect that catapulted the system towards a major failure.

Nevertheless, numerous risk managers and experts rang the bell for potential upcoming issues several years ago and whilst greed and arrogance are the common denominators, the irrationality of the markets also comes into light. Clinging desperately to what was an announced disaster seemed to have been the pattern of behavior that inflated the bubble until explosion.

Another root of today’s financial debacle are the regulations applied to some of the instruments used in financial markets. CDOs for instance, often containing a non-negligible part of subprime risk, were heavily exchanged without proper scrutiny from the rating agencies. Transparency becomes a crucial element in the markets’ sustainability. And this is when the accounting standards play a key role for liability valuation and, hence, transparency. The snow ball effect is obvious: no regulations lead to poor transparency, which equally leads to disaster. The financial accounting has proven to be relevant to convey useful and accurate information to markets. Nevertheless, the concept of fair value, for example introduced by the International Accounting Standard Board (IASB) and Financial Accounting Standard Board (FASB), is to “record values for assets and liabilities which are as close as possible to the values these instruments would have in an open market.” As confirmed by Heckman in his essay Transparency and Liability Valuation, the IASB and FASB don’t recognize any difference between methods for valuation of assets and liabilities, which has proven to have perverse consequences as some companies can use the process to turn losses into profits, since liabilities can be valuated at current market price. This has led to the misreading of the balance sheets and profit and loss statements of unscrupulous companies, providing the wrong information to investors and to some extent regulators themselves.

Impact of Liquidity and Failure of the Bank System

The current crisis has shed a light on the fact that the enterprise risk management should not only emphasize the risks to asset and liability values but also the liquidity risk. Liquidity risk is the probability of not having sufficient financial means to cover up liabilities. To some extent, posting collateral poses a liquidity threat as well. In fact, selling off an immature asset engages a loss. As the markets fall into problems, liquidity issues can be drastically worsened as liquid assets become non-liquid.

Liquidity management works pretty much like capital management. As such, the liquidity protection comes with sufficient liquid assets. On the other hand, consistency between cash flows of assets and liabilities can reduce risks pertaining to liquidity. Nevertheless, these strategies may show some limitations during conditions of heavily disrupted markets when credits are unavailable or unsecured. G. Venter in Modeling and Managing Liquidity Risk confirms that “modeling liquidity risk can start with stress tests.” As such, the current market is an example of situations intimately involving assets, liabilities, and credit facilities when cash flow adequacy becomes preponderant. The idea behind the scene is to take into account in the models the different factors which dramatically impact markets. The correlation between price and liquidity comes into the picture and adequately modeling these possibilities can certainly be worth further research.

In 2006, a couple of years before the eruption of the financial crisis, Iyer and Peydro-Acalde discussed the potential risks of an interbank contagion in their research paper Interbank Contagion: Evidence from Real Transactions. They exposed and tested the impact of interbank dependencies over a fraud cause. Interbank markets are crucial to provide liquidity into the overall financial system and actively play a role in monetary policies worldwide as well. The research of Iyer and Peydro-Acalde came to the conclusion that “as the exposure to the failed bank increases, the runs stemming from the higher fraction of deposits held by other banks drastically increase. These results lend support to the theories of financial contagion due to interbank markets.” This is indeed the exact phenomenon observed in 2008 when major banks reached the potential bankruptcy threat. The interbank markets dried up, obliging governments to first inject cash through loans, capital sharing or even nationalization.

As such, the Iceland bank system is now a school case of its own. The three main Icelandic banks, namely Glitnir, Landsbanki, and Kaupthing, were tightly interconnected. With a high reliance on similar macroeconomic models and business partners, they appeared to be dangerously related to one another already on paper. The chain reaction triggered by the difficulties of one bank would mean diminished confidence in other banks, thus shrunk liquidity available from potential resources and financial partners. The worst part of the picture lies in the fact that these three banks encompassed the vast majority of Iceland’s financial system. Hence, one would have conspicuously assumed that a possible failure would have a dramatic impact on the Icelandic economy. However, the reality was often disguised by biased official reports about the financial health of the Iceland bank system, which certainly contributed to further deepen the crisis as investors would be grossly misled.

Eventually, the arrogance of the system ended up in a painful stake. Borrowing in wholesale markets became an issue and banks chose to open high interest savings accounts pretty much everywhere in Europe. As such, Icelandic banks, with government permission, used these savers accounts to provide the liquidity they could not obtain elsewhere. At the end of the story, deregulation and uncontrolled privatization of the financial system in Iceland led to its demise. Lack of ownership from supervisory regulators and governmental bodies and failure to recognize a systemic risk in an artificial economic growth widely contributed to the fall-out of the Iceland financial institutions and overall system.

Ultimately, when the banks were heading for failure the Icelandic government opted for a gamble on resurrection rather than closing the banks down. The government’s bet failed and Iceland suffered a systemic crisis in return.

As reported by the Telegraph in its 10 March 2009 edition, it was now a matter of “twenty billion dollars here, $20bn there, and a lush half-trillion from the European Central Bank at give-away rates for Christmas. Buckets of liquidity are being splashed over the North Atlantic banking system, so far with meager or fleeting effects.” A very alarming situation, quite unreal as one may have observed.Numerous economists are now warning the world’s central banks to focus on the right issue now rather than later. Creating further liquidity without proper backup means such as gold or a strong economy is likely to fuel the disaster.

York professor Peter Spencer, chief economist for the ITEM Club, said at some point that the global authorities had just weeks to get this right: “The central banks are rapidly losing control. By not cutting interest rates nearly far enough or fast enough, they are allowing the money markets to dictate policy. We are long past worrying about moral hazard.” For instance, in Europe, the European Central Bank (ECB) was facing a dilemma with a record high inflation forecast at 4.1 per cent in July 2008, the highest since the monetary union advent. Meanwhile, the worse is probably yet to come as fragile countries such Iceland, and now Spain, Italy and Greece, which are sharply falling into recession, may be running out of liquidity and may have to be backed up by other European members. The question at the end is: Will the European tax payers accept to pay this bill when their own country is at risk? Hence, this may show the true reality of the Eurozone: the weak solidarity of a supposedly mature organization, in fact not quite yet ready for the real thrill.

Finally, major banks like Citigroup, Merrill Lynch, UBS, HSBC and others have recently stepped forward to reveal their losses. Two years after the crisis hit the world, the IMF (International Monetary Fund) estimated the total losses to reach $2.28 trillion. But it seemed to have been just a beginning.

Passing the Risk: Who is Next?

As described above, financial crises appear to be repetitions of History. Working cyclically, they differ from their inherent nature though. For instance, the current crisis rose from the weakening of the U.S. home market and became a global crunch. Furthermore, the fact that the problem spread from financial and banking sectors to the entire economy at a global scale in such a short time made it a quite unique momentum. Increased speed, advanced communications and information technologies evolving exponentially have created a greater risk with deeper and long lasting consequences as ever before. Global markets with stronger interdependence and high complexity are paradoxically more prone to correlated risks.

Most people are driven by the simple desire to succeed and do well financially. This means they work harder, enhancing productivity, creativity and innovation. But where and when does this legitimate feeling get overtaken by greed and unscrupulous envy? Why does a minority change the principles of innovation into a gambling leverage for immediate profits?

If one considers some of the past economic crises such as the London Market Excess (LMX) fall out in the late 80’s and the equivalent substitutes during the following two decades, they all started at some point from promising innovations. These initiatives were all new and seen as very profitable during the early stages. And they all implied a promise on huge benefits, fast and furious. However, the promise turned hopes into ruin and despair. Out of the multiple questions this series of dramatic and unfortunate events can raise, some of them could pose the problem of the impact of risk management that is meant to promote innovations that work and praise individuals for their will to succeed.

Two important factors can shed some light: the fact that new communication means have propelled the finance community to another level of instant profits driven by frenetic greed. Rumors, news whether good or bad instantaneously drive markets to their best or worse. Data signification is amplified far beyond comprehension in a momentum that magnifies exponentially in spiral dive fallout when not controlled adequately. And on another plane, looking at the amplitude of the issue, there is no doubt that financial markets, industries and economies are now fully interdependent. The impact economic and financial shocks can create are far beyond the spectrum of a region or even a nation and can be wide-spread on a global scale instead. While the LMX fall out was limited to the reinsurance market in U.K., the Internet bubble at the beginning of the past decade had a wider range globally but yet remained restricted to investors who had placed financial interests in the sector. From a weakening home market in the U.S., the 2008 crisis shortly developed into a global financial issue bringing down economies, industries and sometimes governments worldwide.

A parallel can be made between the LMX spiral and the subprime fiasco that ignited the global crisis. CDOs and similar financial products were created to temper the risks generated by unscrupulous investments by diluting them into cleaner credits. However, the plan did not work as expected and spread all over the credit system. In fact, Schwartzman (2008) confirmed that the LMX spiral and subprime debacles share similar roots by saying: “an attempt to mitigate risk by spreading it to market participants, a series of new and complicated instruments not understood by most people and not even well understood by market professionals, a pool of unsophisticated investors not adequately advised of the risk they were taking on, a collection of unscrupulous brokers who took advantage of the situation to increase commissions by encouraging as many deals as possible with no concern as to how they might play out in the future, and huge profits that continued as long as nothing happened to change the situation on the ground.”

Conclusion: Towards a New Order?

Following the debacle of the financial and banking systems in 2008, one could have hoped that executive managers would be taking a more serious insight of what risk management is all about. Indeed, their priority has always been to successfully run corporations in which investors had shares and interests. As such, incentives based on performance should have sent a clear message to these top executives who should have then adjusted the risks they were willing to take for their company and somehow as well as for themselves as professionals. But this is the theory of should have happened and not what happened at the bottom of the chain. Indeed, the fiduciary responsibility of many was not met.

Meanwhile, the vast nebula created around financial markets has, until recently, hidden the fact that the credit crisis was in the end caused by unscrupulous people who were seeking short term profits rather than long term growth. Lenders with few scruples did take advantage of credulous borrowers, and fortunately or unfortunately these lending businesses disappeared killed by their own counterproductive strategies. Borrowers lied about their incomes to live in homes they could not afford in reality and were given full consent by lenient banking institutions. This spiral of controversial and ineffective stubbornness towards failure could have been stopped or maybe controlled if a relevant structure of regulations had been put in place. Improved and stricter regulations on loans policies could have avoided a large chunk of the crisis dramatic effects, but will those rules, if ever truly and transparently implemented, ever prevent futures crises?

Unfortunately, history reminds us that for each regulation or procedure created there is a loophole that can be exploited. Hence, the whole issue lies in the effective design of regulating systems, taking into account the various risks inherent to the relation between economies and private investments. Better focus on the matter would certain reduce systemic problems in the future and it is becoming now a serious concern in Europe and the U.S. who are looking at introducing enhanced reforms on the regulatory system and the quality of rating agencies. Improved risk management is now a definite requirement. The systems in place today are too limited to encompass the numerous issues they are intended to address. Hence, weak risk management systems imply more risk. The role statistical and probabilistic models play in the equation is far from being negligible. However, they often tend to focus on the wrong perspectives such as the occurrence of a major loss in a year rather than the likelihood of a Black Swan event for instance. As such, models must not be considered as finite and should evolve and adapt in correlation with their environment. The key to prevent markets from dramatically failing beyond control may also simply lie in the capability of predicting these rare events, a concept that is yet to be fully understood and mastered.

The Benefits of Choosing a Career in Risk Management

What is risk management:
Risk management is the process of identification, assessment and treatment of risks that seeks to minimise, control and monitor the impact of risk occurrence through the cost effective utilisation of resources.

Where does risk management apply
Risks occur in every walk of life, in every industry and in every service delivery enterprise, both private and public sectors. The severity of risks occurring depends upon many factors. In order to quantify such severities most organisations traditionally employ some sort of risk processes to assess the likelihood of risks occurring and their perceived or calculated impact. This enables risks to be prioritised and resources applied to meet the overall best interests of the organisation and its internal and external stakeholders.

Risks, great and small
In today’s connected and integrated world risks and their impacts can and do translate across international boundaries. No longer are they confined to departments and within individual companies. Economic boundaries and geographical structures are such that companies now need to assess risks in a world where a volcano in Iceland can cause the closure of a manufacturing plant in Japan.

Equally at the individual organisation level the importance of undertaking health and safety risk assessments in order to protect the health, safety and welfare of it’s employees is a legal obligation for many companies. Product manufactures will undertake design risk assessments in order to ensure that the ultimate users are protected from any safety related design hazard.

Local authorities are required to ensure that they provide safe highways and passage for the general public. For example, they will need to assess the amount of sand and grit they will need to ensure they can cope with the pressures of harsh winter weather to protect the individual motorists and the unsuspecting pensioner on an icy pavement.

All of the above and in many more private and public sector industries and services there is the basic requirement for someone or some persons to identify a potential risk, to evaluate the likelihood of the risk occurring and to calculate the impact or consequence of the risk in order to best minimise its impact.

Risk management – does it work?
Armed with the knowledge that risk is everywhere but that there are robust systems and processes to manage them is it safe to say that such systems and processes work?

Certainly there are many examples of where risk management has worked. If the available systems and processes didn’t work then they simply wouldn’t be used. Risk departments and risk mangers would be unlikely to exist and an irresponsible attitude to risk would likely be prevalent.

Risk management however does not work in all cases. It’s impossible not to be tempted to assert that the BP oil well catastrophe in the Gulf of Mexico could have been prevented if the risks had been fully evaluated. Similarly the lack of controls to adherence of risk processes that has resulted in global financial problems has been laid at the doors of some of the worlds largest financial institution and banks.

Another dimension to risk management
With the proliferation of risk management tools, the use of highly complex modelling techniques and experts and specialists in their fields of expertise, why is it that risks of the magnitude and scale noted above, to the trip hazard on the local pavement, to the vulnerability of the child in a local authorities occur?

It is simply that risk management is not just about rules and regulations. Successful risk management needs a culture and a set of values that ensures that it becomes part of an organisations DNA. If corporate culture is perceived as resentful towards those who raise risks then any risk process is useless. People will hope that the problems just go away. The culture must allow for honesty and openness that allows for maximum benefits to arise from the tools and modelling techniques.

Why choose a career in risk management?
Risk managers and people whose job it is to minimise the occurrence of risks are experts in their field. Their value contribution to any organisation is immense. Qualifications in risk management for some specialised industries – for example insurance – is sometimes necessary and will certainly add to an individuals self marketing capability. However a large number of active risk management individuals do not consciously set out on a career path of risk management. They some how stumble in to it. At this point there is a choice. Do you stick with the tools and techniques or do you grasp the risk agenda and take it forward? The emergence of enterprise risk management aligned to systems thinking; the inescapable link between successful risk intelligent organisations and culture; the in depth knowledge of an organisation and its independencies are immeasurable assets in a world where some have developed a low tolerance to risk. A career in risk management can be as dull as it can be exciting. The choice is yours.

Risk Management Certification: Developing and Implementing A Risk Analysis Template

Individuals who are hoping to begin or enhance a career in business are often looking for opportunities to learn new and tangible skills. The number of business-training options available to individuals is almost endless, and it is often difficult to judge both their credibility and value. A risk management certification is a professional accreditation that provides legitimate and tangible business management skills that can aid any ambitious individual in their career progression. The training involved in earning a certificate in this area builds on the individuals previous training and work experience, and sufficiently prepares the individual to become a high-functioning and contributing member of any senior management team. During the certification process the pupil is introduced to the many different aspects of being a certified risk professional, including the development and use of risk analysis templates and organizational risk policies. Other areas of study include risk identification, analysis, assessment, prioritization, mitigation, and management. A certificate that focuses on these areas that be attained from any of the six primary industry associations that oversee the risk management profession. To earn a certificate in this area the student typically undertakes a certain level of training which in some cases includes class time as well as at-home reading materials. Most people use their certificate to pursue careers as risk managers, either as a consultant with a major international consulting firm, or as an internal risk professional within an organization.

An individual with a certificate in risk management typically begins their career as a risk analyst, a component of a larger risk analysis and oversight team. Over time these individuals have the opportunity to transition to the role of a risk manager or risk officer. One of the primary tools that a certified risk professional is taught how to develop or use is a risk analysis template. This is a document or series of documents that standardizes the risk assessment techniques that the organization plans to use to identify and evaluate the risks their operation is exposed to. These templates are usually designed with the help of a certified risk management professional and adequate examples are available for limited expense. In some cases an organization will develop their own series of templates that are unique to the idiosyncratic operation of the company, while other organizations may use a publicly distributed risk analysis template. That being said, those firms that take the latter approach will often take a standard framework and morph it to apply to their unique organization.

A risk analysis template is traditionally designed in a checklist format that aids the user in asking the correct questions when identifying and analyzing the operational risks the organization is exposed to. They suggest regular areas of risk exposure while also providing insight for organizations to look in areas unique to them. These frameworks are considerably helpful in evaluating the impact and probability of risk events, and aids the organization in prioritizing risks for mitigation and avoidance initiatives. It is always important to use a template that best matches the industry in which the organization operates; for instance, frameworks that apply to a multinational financial services company will be different from ones that apply to a manufacturer of chairs catering to local businesses.

Risk analysis templates are particularly attractive to small and medium sized businesses that either can not financially justify the expense of an external risk management consultant, or have no need for a full-time internal risk specialist. Of course, it is possible to acquire risk assessment and management skills through informal risk training, but free time is at a premium for most small business managers. These pre-designed templates and frameworks offer a great opportunity to leverage the insight of risk management professionals at a reduced cost.

What Are the 5 Risk Management Steps in a Sound Risk Management Process?

As a project manager or team member, you manage risk on a daily basis; it’s one of the most important things you do. If you learn how to apply a systematic risk management process, and put into action the core 5 risk management steps, then your projects will run more smoothly and be a positive experience for everyone involved.

A common definition of risk is an uncertain event that, if it occurs, can have a positive or negative effect on a project’s goals. The potential for a risk to have a positive or negative effect is an important concept. Why? Because it is natural to fall into the trap of thinking that risks have inherently negative effects. If you are also open to those risks that create positive opportunities, you can make your project streamlined, smarter and more profitable. Think of the adage – “Accept the inevitable and turn it to your advantage.” That is what you do when you mine project risks to create opportunities.

Uncertainty is at the heart of risk. You may be unsure if an event is likely to occur or not. Also, you may be uncertain what its consequences would be if it did occur. Likelihood – the probability of an event occurring, and consequence – the impact or outcome of an event, are the two components that characterize the magnitude of the risk.

All risk management processes follow the same 5 basic steps, although sometimes different jargon is used to describe these steps. Together these risk management steps combine to deliver a simple and effective risk management process.

Step 1: Identify. You and your team uncover, recognise and describe risks that might affect your project or its outcomes. There are a number of techniques you can use to find project risks. During this step you start to prepare your Project Risk Register.

Step 2: Analyze. Once risks are identified you determine the likelihood and consequence of each risk. You develop an understanding of the nature of the risk and its potential to affect project goals. This information is also input to your Project Risk Register.

Step 3: Evaluate or Rank. You evaluate or rank the risk by determining the risk magnitude, which is the combination of likelihood and consequence. You make decisions about whether the risk is acceptable or whether it is serious enough to warrant treatment. These risk rankings are also added to your Project Risk Register.

Step 4: Treat. This is also called Risk Response Planning. During this step you assess your highest ranked risks and set out a plan to treat or change them to achieve acceptable risk levels. How can you minimize the probability of the negative risks as well as enhancing the opportunities? You create mitigation strategies, preventive plans and contingency plans in this step. And you add the treatment measures for the highest ranking or most serious risks to the Project Risk Register.

Step 5: Monitor and Review. This is the step where you take your Project Risk Register and use it to check, track and review risks.

Risk is about uncertainty. If you put a framework around that uncertainty, then you effectively de-risk your project. And that means you can move much more confidently to achieve your project goals. By identifying and managing a comprehensive list of project risks, unpleasant surprises and barriers can be reduced and golden opportunities discovered. The risk management process also helps to resolve problems when they occur, because those problems have been envisaged and plans to treat them have already been developed and agreed. You avoid impulsive reactions and going into “fire-fighting” mode to rectify problems that could have been anticipated. This makes for happier, less stressed project teams and stakeholders. The end result is that you minimize the impacts of project threats and capture the opportunities that occur.

Vivian Kloosterman is the founder of Continuing Professional Development with over 30 years of professional experience in the fields of professional engineering, business leadership, governance, risk management and project management.