Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
Risk assessment
124 Key dependencies can then be further analysed by asking what could impact each of them. If a hazard analysis is being undertaken then the question is: ‘What could undermine each of these key dependencies?’ If control risks are being identified, then the question can be asked: ‘What would cause uncertainty about these key dependencies?’ For an opportunity risk analysis, the question would be: ‘What events or circumstances would enhance the status of each of the key dependencies?’ For many organizations, quantification of risk exposure is essential and the risk assessment technique that is chosen must be capable of delivering the required quantification. Quantification is particularly important for financial institutions and the style of risk management employed in these organizations is frequently referred to as operational risk management (ORM). Risk workshops are probably the most common of the risk assessment techniques. Brainstorming during workshops enables opinions regarding the significant risks faced by the organization to be shared. A common view and understanding of each risk is achieved. However, the disadvantage can be that the more senior people in the room may dominate the conversation, and contradicting their opinions may be difficult and unwelcome. In order to have a structured discussion at a risk assessment workshop, several brainstorming structures are in common use. These may be qualitative or quantitative, depending on the level of analysis of the risk that is required. The most common of the qualitative brainstorming structures are the SWOT and PESTLE analysis. SWOT is an analysis of the strengths, weaknesses, opportunities and threats faced by the organization. The SWOT analysis has the benefit that it also considers the upside of risk by evaluating opportunities in the external environment. One of the strengths of the SWOT analysis is that it can be linked to strategic decisions. However, because it is not a structured risk classification system, there is a possibility that not all of the risks will be identified. The other common qualitative approach is the PESTLE analysis that considers the political, economic, social, technological, legal and ethical (or environmental) risks faced by the organization. Table 11.3 considers the PESTLE risk classification system in more detail. PESTLE is a well-established structure with proven results for under- taking brainstorming sessions during risk assessment workshops. Many organizations will wish to undertake a quantitative evaluation of the possi- bility of a risk event occurring. There are several techniques available for undertaking these quantitative evaluations. The most common are hazard and operability (HAZOP) studies and failure modes effects analysis (FMEA). Both of these techniques are structured approaches that ensure that no risks are omitted. However, the involvement of a wide range of experts is required in order to undertake an accurate quantitative analysis. HAZOP and FMEA techniques are most easily applied to manufacturing opera- tions. HAZOP studies are often undertaken of hazardous chemical installations and complex transport structures, such as railways. Also, HAZOP studies of complex installations, such as nuclear power stations, are often undertaken. They can also be applied to the analysis of the safety of products. In both cases, these are very analytical and time-consuming approaches, but such an approach will be necessary in a wide range of circumstances. |
