Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
119 views

Refernces: R7-MARANAN (3-5) (14-24)

Risk is uncertainty that can result in danger, loss, or injury. It involves future uncertainties and deviations from expected outcomes. There are internal and external sources of risk. The risk management process involves identifying risks, assessing their potential impact, developing options to mitigate risks, selecting treatments, and implementing and monitoring a risk management plan. It is an ongoing process that requires periodic reassessment as risks evolve over time.

Uploaded by

Mayang Yamashita
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
119 views

Refernces: R7-MARANAN (3-5) (14-24)

Risk is uncertainty that can result in danger, loss, or injury. It involves future uncertainties and deviations from expected outcomes. There are internal and external sources of risk. The risk management process involves identifying risks, assessing their potential impact, developing options to mitigate risks, selecting treatments, and implementing and monitoring a risk management plan. It is an ongoing process that requires periodic reassessment as risks evolve over time.

Uploaded by

Mayang Yamashita
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 18

REFERNCES:

R7-MARANAN (3-5) (14-24)


1. According to UNWTO:

 Is a situation that exposes someone or something to

danger, harm or loss.

 Risk can be physical safety matter, a risk of property loss, a

financial business risk, and more.


2. Business Dictionary defined risk:

 The probability of threat of damage, injury, liability, or any

other adverse occurrence that is caused by external or


internal vulnerabilities, and that may be avoided through
preemptive action.
3. In the point of view of economics

 Risk implies future uncertainty about deviation from

expected earnings or expected outcome.

 Risk measures the uncertainty that an investor is willing to

take to realize a gain from an investment.


 As defined in ISO 31000:

 Is the identification, evaluation and prioritization of risks.

 It is followed by coordinated and economical application of

resources to minimize, monitor and control the probability of


unfortunate events to achieve the desired output. (Hubbard,
2009)
 BY THE INTERNATIONAL ORGANIZATION FOR STANDARDIZATION:
1. Risk management should create a value wherein the resources
expended to mitigate risk should be less than the consequences of
inaction
2. It should be an integral part of the organizational process
3. The risk management should become part of the decision-making
processes
4. It should explicitly address uncertainty and assumptions
5. It should be placed in a systematic and structured process
6. The best available information should be the basis of risk
management
6. Risk management should be tailorable
7. It should take human factors into account
8. It should be transparent and inclusive
9. The dynamism, interactivity, and responsiveness to change must be
evident on the risk management
10. Risk management should be capable of continual improvement and
enhancement
11. There is a need for a continuous and periodic re-assessment of the
risk management
 The following are the steps for the implementation of the risk management process
based on ISO 31000:
1. Content establishment
2. Identification of the potential risk
3. Risk assessment
4. Creation of risk options
5. Identification of potential risk management treatments
6. Make a risk management plan
7. Execute the plan
 Establishing the content of risk management involves the following:
a) Risk identification in a selected domain of interest
b) Planning the rest of the whole risk management process
c) Plotting out the
 Scope of risk management
 Identify the objectives of stakeholders
 Basis of risk evaluation and constraints

d) The framing of risk management activity and agenda for identification


e) Analysis of risks involved in the process
f) Giving of a solution of risks using available technological, human and
organizational resources
 Good managers must possess the ability to forecast the problems that may arise
out of the current endeavor that they have been attending. It may start with source
identification, whether from the competitors or with the problem itself.
 The sources of risk may be classified as:
1. Internal
2. External

 The risk management process did not stop when the risk and sources of risk were
identified. The manager must be able to answer the whys of risk so that proper
treatment could be given. It is not merely stating the fact that there is a possibility
of terrorism, the reason for having such possibility must be addressed as well.
 It is the stage wherein the severity of the impact of the said
risk is being weighed to make the most intelligent
decisions for the full implementation of the risk
management plan.
 According to RFC4949
 It is the determination of a qualitative and quantitative
estimate of risk related to a clear situation and recognized
threat (also called hazard).
The following are some of the options to mitigate risks:
1. Project a novel business procedure with sufficient built-in risk
control and containment measures from the start.
2. Conduct a periodic reassessment of risks that are acceptable in
ongoing processes as a regular feature of business operations
and modify mitigation measures.
3. Handover risks to an external agency like an insurance company
4. Avoid risks altogether
5. Potential risk treatments
The techniques in managing risk may be categorized into
the following:
1. Avoidance
2. Reduction
3. Sharing
4. Retention
 According to Dcosta (2015)
 Risk management plan evaluates identified risks and
outlines mitigation actions.
 The need for periodical updates and expansion in the entire
cycle of the project, as the project becomes more
complexed and more defined.
 Dcosta suggest the inclusion of the following in the
formulation of the matrix to prioritize risks
1. Risk and consequence
2. Probability
3. Impact
4. Priority
5. Mitigation response
 Consider the practice, experience, and the actual loss results
when you do your modification.
 An updated periodic management plan is needed because of
the following reasons:
1. Determination of the applicability and effectiveness of the
previous security controls
2. Understand the possible changes in risk level in the
business environment

You might also like