Candidates taking paper P3 should understand the central role of risk management in every organisation, whether it's a business, a public-sector body or a charity. Risk management is sometimes thought of--incorrectly--as a method for reducing or eliminating risk. This view is too restrictive, because risk is an unavoidable part of life.
If we consider an event such as crossing the road, we face the risk of being killed or seriously injured by a vehicle, but that doesn't prevent us from crossing roads. Whether we realise it or not, we all go through a quick mental process to assess the risk and take appropriate action. First, we identify that there is a risk. If we don't, we leave things completely to chance, which is dangerous. Second, we estimate the scale of the risk: we automatically take into account the road width, the surface conditions, visibility, the density and speed of traffic and so on. We might also consider our own physical capabilities and other factors such as whether we've got children with us or whether we're running late for an important appointment. We perform a mental calculation that weighs all these factors and assesses the risk. Without thinking deliberately about it, we then balance the likelihood of being hit by a car against the consequences. In fast-moving traffic, we may get killed; in stow-moving traffic, cars may stop for us.
As individuals we make a decision about when and where to cross a road. We do not avoid risk altogether; we manage it through some deliberate action. We use a pedestrian crossing, we wait until the traffic diminishes--or we simply accept the risk, hope for the best and make a dash for it.
Why will some people run across a busy road while others always wait patiently at a pedestrian crossing for the lights to change, even if there's not much traffic? It's because we all perceive risks differently as a result of our upbringing, our education and our personality. It can also be influenced by cultural factors and our own experiences. If we've had a near miss ourselves or know someone who has been injured or killed in a road accident, this is likely to influence whether we're risk-takers or risk-avoiders when it comes to crossing roads.
The fact that people don't approach risk in the same way makes managing risk in organisations a challenge. The process follows similar principles, but it is more complicated, of course.
One complication is that organisations are collectives of people with different views of the conditions, different experiences and different attitudes to risk. For example, accountants are seen (stereotypically) as risk-averse, while sales people are seen as more risk-orientated. Another complication is that organisational objectives are far more complex than those of individuals, because organisations are trying to satisfy a range of stakeholders, whose attitudes may also vary. Organisations are expected to produce continuously improving results and set stretching objectives to satisfy their stakeholders. Risk, therefore, is not only about the possibility that something bad will occur; it's also about missed opportunities--goals that can't be achieved. In order to meet its objectives a business must take risks, such as introducing a new product, and there is usually a trade-off between risk and return. Investing in government securities is a safe option, for example, but the returns will be low. Introducing a new product, on the other hand, may pay much higher returns but there's a risk that the product may not be successful.
There are different organisational risk management models, but the following process contains seven key steps:
* Identify the risks. Risks are an everyday part of life, so organisations need a system to identify all those they face. This involves collecting information from a variety of sources: individuals, reports, observation and environmental assessments. Common …