As applied to corporate finance, risk management is the technique for measuring, monitoring and controlling the financial or operational risk on a firm's balance sheet.
The Basel II framework breaks risks into market risk (price risk), credit risk and operational risk and also specifies methods for calculating capital requirements for each of these components.
Enterprise risk management
In enterprise risk management, a risk is defined as a possible event or circumstance that can have negative influences on the enterprise in question. Its impact can be on the very existence, the resources (human and capital), the products and services, or the customers of the enterprise, as well as external impacts on society, markets, or the environment.
In a financial institution, enterprise risk management is normally thought of as the combination of credit risk, interest rate risk or asset liability management, market risk, and operational risk.
In the more general case, every probable risk can have a preformulated plan
to deal with its possible consequences (to ensure contingency if the risk
becomes a liability).
From the information above and the average cost per employee over time, or cost accrual ratio, a project manager can estimate:
- the cost associated with the risk if it arises, estimated by multiplying employee costs per unit time by the estimated time lost (cost impact, C, where C = cost accrual ratio * S).
- the probable increase in time associated with a risk (schedule variance due to risk, Rs, where Rs = P * S):
  - Sorting on this value puts the highest risks to the schedule first. This is intended to cause the greatest risks to the project to be attempted first so that risk is minimized as quickly as possible.
  - This is slightly misleading, as schedule variances with a large P and small S and vice versa are not equivalent (the risk of the RMS Titanic sinking vs. the passengers' meals being served at slightly the wrong time).
- the probable increase in cost associated with a risk (cost variance due to risk, Rc, where Rc = P*C = P*CAR*S = P*S*CAR):
  - Sorting on this value puts the highest risks to the budget first.
  - See the concerns about schedule variance, as this is a function of it, as illustrated in the equation above.
Risk in a project or process can be due either to Special Cause Variation or Common Cause Variation and requires appropriate treatment. That is to reiterate the concern about extremal cases not being equivalent in the list immediately above.
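Added example (not part of the original article): it ranks a constructed risk register by Rs = P * S and Rc = P * S * CAR from the list above, then flags pairs whose Rs is nearly equal while S differs by an order of magnitude, the case the text calls not equivalent. It assumes P is the probability that the risk occurs and S is the estimated time lost in days; the class, function names and sample values are hypothetical.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Risk:
    title: str
    p: float  # P: probability that the risk occurs (assumed meaning of P)
    s: float  # S: estimated time lost if it occurs, in days (assumed unit)

    def cost_impact(self, car):      # C = CAR * S
        return car * self.s

    def schedule_variance(self):     # Rs = P * S
        return self.p * self.s

    def cost_variance(self, car):    # Rc = P * C = P * S * CAR
        return self.p * self.cost_impact(car)


def rank_by_schedule(risks):
    """Highest Rs first, the ordering the list above describes."""
    return sorted(risks, key=Risk.schedule_variance, reverse=True)


def masked_extremes(risks, rel_tol=0.10, severity_ratio=10.0):
    """Pairs with Rs equal within rel_tol but S differing by >= severity_ratio.

    Each pair is returned as (more severe title, less severe title).
    """
    pairs = []
    for a, b in combinations(risks, 2):
        ra, rb = a.schedule_variance(), b.schedule_variance()
        close = abs(ra - rb) <= rel_tol * max(ra, rb)
        lo, hi = sorted((a.s, b.s))
        if close and lo > 0 and hi / lo >= severity_ratio:
            pairs.append((a.title, b.title) if a.s >= b.s else (b.title, a.title))
    return pairs


# Constructed sample register; values are illustrative, not from the article.
CAR = 400.0  # cost accrual ratio: cost per day
REGISTER = [
    Risk("Data-centre loss", p=0.01, s=200.0),    # rare, catastrophic
    Risk("Build server flaky", p=0.80, s=2.5),    # frequent, minor
    Risk("Key engineer leaves", p=0.20, s=30.0),
    Risk("Vendor API change", p=0.50, s=6.0),
]

if __name__ == "__main__":
    for r in rank_by_schedule(REGISTER):
        print(f"{r.title:20} Rs={r.schedule_variance():5.2f}d Rc={r.cost_variance(CAR):8.2f}")
    print("Equal Rs, unequal severity:", masked_extremes(REGISTER))
```

A register sorted on Rs alone places the two flagged risks side by side, so reviewing the flagged pairs separately keeps the low-probability, high-impact entry from being treated like a routine nuisance.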
Risk management activities as applied to project management
In project management, risk management includes the following activities:
- Planning how risk management will be held in the particular project. The plan should include risk management tasks, responsibilities, activities and budget.
- Assigning a risk officer - a team member other than a project manager who is responsible for foreseeing potential project problems. A typical characteristic of a risk officer is a healthy skepticism.
- Maintaining a live project risk database. Each risk should have the following attributes: opening date, title, short description, probability and importance. Optionally a risk may have an assigned person responsible for its resolution and a date by which the risk must be resolved.
- Creating an anonymous risk reporting channel. Each team member should have the possibility to report a risk that he foresees in the project.
- Preparing mitigation plans for risks that are chosen to be mitigated. The purpose of the mitigation plan is to describe how this particular risk will be handled - what, when, by whom and how it will be done to avoid it or minimize consequences if it becomes a liability.
- Summarizing planned and faced risks, effectiveness of mitigation activities, and effort spent for the risk management.