The Risk Management Process – How to Maintain an Effective Risk Management Program

A risk management program is a complicated but necessary initiative within organizations. However, by following a distinct process, organizations can maximize the effectiveness of their risk management program.

Identifying and Analyzing

To effectively manage risk, management must first identify the risks that pose the threat of a loss.

Risk managers use a variety of methods to collect information to identify such risks, the most common of which is incident reporting: the reporting of any incident that is NOT consistent with the standard of care. Incident reports help identify training opportunities and weak processes within operations.

Occurrence screenings, also a commonly used method to identify possible exposures, are often done as a part of quality assurance initiatives.

Patient feedback, such as complaints or results from patient satisfaction surveys, is also used to identify potential loss exposures.

Past data can be very valuable in identifying risk and also addressing it, as it provides lessons learned from past mistakes or near misses. By analyzing past data, risk managers can identify the root cause of an incident that led to a loss. Past occurrences help managers analyze the potential impact of current risks, and help managers prioritize potential exposures.

Open communication between management and staff may be considered the most effective form of risk identification, as it can produce valuable information regarding the effectiveness of processes and any potential weaknesses within processes.

Once potential risks are identified, they must be analyzed in order to determine their significance. Risk managers must prioritize risks based on their potential for financial loss. Managers should prioritize addressing potential events that could lead to substantial losses over smaller threats that would be less costly.

Evaluate Possible Risk Management Techniques

Techniques used to manage risk can be broken down into two categories:

– Risk Control: techniques that are aimed at preventing or reducing loss

– Risk Financing: techniques used to pay for losses that occurred

Risk Control Techniques


Avoidance techniques are those used to eliminate the possibility of a loss entirely. If a risk that cannot be reduced exists within a particular activity, avoiding that activity would in effect avoid the risk associated with it.

Loss Prevention

Loss prevention reduces the likelihood of a potentially compensable event occurring.

Loss prevention practices include reviewing and implementing policies and procedures and educating staff.


Educating staff about existing regulations regarding the release of a patient’s medical records or protected health information is a loss prevention technique as it reduces the possibility of an occurrence.

Loss Reduction

Loss reduction techniques are used to reduce the potential consequences of an event that has occurred.

Diligence is key in exercising reduction strategies, as damages awarded can be much lower for an organization that exemplified diligence in attempting to prevent an occurrence or following up on an occurrence that has happened (investigating the occurrence and determining its root cause).

Another example of a loss reduction technique is if a medical facility were to use fire retardant materials during construction. This would reduce total loss considerably in the event of a fire.

Segregation of Loss Exposures

Segregating loss exposures involves arranging an organization’s operations and resources in a way that if a loss occurs, its overall effect on the organization would be minimized.


A separation technique relates to the saying, “don’t keep all of your eggs in one basket”, as it involves dispersing activities and resources over multiple locations.


Facilities and vendors may store their inventory in multiple locations in the event of a fire or any other event that would damage inventory.

Medical practices may also choose to avoid contracts with vendors and purchase through multiple vendors in case a vendor were to run out of stock on an item.


Duplication techniques are used to serve as a backup in the event of a loss. Many practices keep copies of patient medical records in case of an event that damages the originals.

Duplication techniques are also used in terms of physician coverage.


It is mandatory that, when chemotherapy is being administered to a patient, a physician or mid-level is on site in case the patient experiences a reaction to the drug. If only one provider were available to cover, and something arose causing the provider to have to leave, then the chemotherapy treatment would NOT be able to be given, or it would be a violation to do so.

Contractual Transfer of Risk Control

Contractual transfer of risk control involves transferring risk from one party to another. An example of this is when a medical office leases property, thereby transferring the risk of loss or damage to the property’s owner.

Risk Financing

Risk Retention

Risk retention is a technique that involves planning on how to cover losses if they were to occur.

The simplest risk retention technique is to simply pay for a loss as it occurs. This is not viable for smaller organizations, depending on the amount of the loss.

Organizations may also accrue dollars in a funded reserve which can be used to cover any future loss.

Organizations may also borrow funds to cover losses.

Physicians also carry extensive malpractice insurance policies to help cover any loss that is incurred.

Risk retention should be considered when:

• There are known risks that cannot be reduced or avoided

• A risk does not carry much potential for great loss and the organization can pay for any loss itself

• There are predictable losses

Risk Transfer

Risk transfer involves an organization transferring only the financial liabilities to another party, while still assuming the legal obligations. This is typically done by purchasing outside insurance policies.

Select a Risk Management Technique

Organizations should implement at least one risk control technique and one risk financing technique.

Selecting the most effective technique requires an organization to predict how a selected technique would affect its mission and goals (i.e. it may not be viable for a specialist to avoid risks by avoiding procedures that are necessary for that particular specialty).

The organization must also consider which technique is most cost-effective with respect to its operations.


Implementation requires communication between risk management, department heads, and organizational leaders. All leadership must understand the techniques chosen to be implemented and educate staff on their importance and purpose.

Communication and education ensure that implementation of any technique is smooth, effective, and understood.

Monitor and Improve the Implemented Technique

Once a technique has been implemented, its effectiveness must be closely monitored, evaluated, and improved when needed by management. Risk management techniques can be very complex in nature, and require fine tuning when put to work.

The Benefits of Choosing a Career in Risk Management

What is risk management:
Risk management is the process of identification, assessment and treatment of risks that seeks to minimise, control and monitor the impact of risk occurrence through the cost effective utilisation of resources.

Where does risk management apply
Risks occur in every walk of life, in every industry and in every service delivery enterprise, both private and public sectors. The severity of risks occurring depends upon many factors. In order to quantify such severities most organisations traditionally employ some sort of risk processes to assess the likelihood of risks occurring and their perceived or calculated impact. This enables risks to be prioritised and resources applied to meet the overall best interests of the organisation and its internal and external stakeholders.

Risks, great and small
In today’s connected and integrated world risks and their impacts can and do translate across international boundaries. No longer are they confined to departments and within individual companies. Economic boundaries and geographical structures are such that companies now need to assess risks in a world where a volcano in Iceland can cause the closure of a manufacturing plant in Japan.

Equally, at the individual organisation level, undertaking health and safety risk assessments in order to protect the health, safety and welfare of its employees is a legal obligation for many companies. Product manufacturers will undertake design risk assessments in order to ensure that the ultimate users are protected from any safety-related design hazard.

Local authorities are required to ensure that they provide safe highways and passage for the general public. For example, they will need to assess the amount of sand and grit they will need to ensure they can cope with the pressures of harsh winter weather to protect the individual motorists and the unsuspecting pensioner on an icy pavement.

In all of the above, and in many more private and public sector industries and services, there is the basic requirement for someone or some persons to identify a potential risk, to evaluate the likelihood of the risk occurring and to calculate the impact or consequence of the risk in order to best minimise its impact.

Risk management – does it work?
Armed with the knowledge that risk is everywhere but that there are robust systems and processes to manage them is it safe to say that such systems and processes work?

Certainly there are many examples of where risk management has worked. If the available systems and processes didn’t work then they simply wouldn’t be used. Risk departments and risk managers would be unlikely to exist and an irresponsible attitude to risk would likely be prevalent.

Risk management, however, does not work in all cases. It’s impossible not to be tempted to assert that the BP oil well catastrophe in the Gulf of Mexico could have been prevented if the risks had been fully evaluated. Similarly, the lack of controls over adherence to risk processes that has resulted in global financial problems has been laid at the doors of some of the world’s largest financial institutions and banks.

Another dimension to risk management
With the proliferation of risk management tools, the use of highly complex modelling techniques and experts and specialists in their fields of expertise, why is it that risks of the magnitude and scale noted above, to the trip hazard on the local pavement, to the vulnerability of the child in a local authorities occur?

It is simply that risk management is not just about rules and regulations. Successful risk management needs a culture and a set of values that ensures that it becomes part of an organisation’s DNA. If corporate culture is perceived as resentful towards those who raise risks then any risk process is useless. People will hope that the problems just go away. The culture must allow for honesty and openness so that maximum benefits arise from the tools and modelling techniques.

Why choose a career in risk management?
Risk managers and people whose job it is to minimise the occurrence of risks are experts in their field. Their value contribution to any organisation is immense. Qualifications in risk management for some specialised industries – for example insurance – are sometimes necessary and will certainly add to an individual’s self-marketing capability. However, a large number of active risk management individuals do not consciously set out on a career path of risk management. They somehow stumble into it. At this point there is a choice. Do you stick with the tools and techniques or do you grasp the risk agenda and take it forward? The emergence of enterprise risk management aligned to systems thinking; the inescapable link between successful risk intelligent organisations and culture; the in-depth knowledge of an organisation and its independencies are immeasurable assets in a world where some have developed a low tolerance to risk. A career in risk management can be as dull as it can be exciting. The choice is yours.

But remember, risk is about taking the opportunity to grow, expand and compete more effectively. Without risk, there is no reward – for the organisation or for the individual.

What Are the 5 Risk Management Steps in a Sound Risk Management Process?

As a project manager or team member, you manage risk on a daily basis; it’s one of the most important things you do. If you learn how to apply a systematic risk management process, and put into action the core 5 risk management steps, then your projects will run more smoothly and be a positive experience for everyone involved.

A common definition of risk is an uncertain event that, if it occurs, can have a positive or negative effect on a project’s goals. The potential for a risk to have a positive or negative effect is an important concept. Why? Because it is natural to fall into the trap of thinking that risks have inherently negative effects. If you are also open to those risks that create positive opportunities, you can make your project streamlined, smarter and more profitable. Think of the adage – “Accept the inevitable and turn it to your advantage.” That is what you do when you mine project risks to create opportunities.

Uncertainty is at the heart of risk. You may be unsure if an event is likely to occur or not. Also, you may be uncertain what its consequences would be if it did occur. Likelihood – the probability of an event occurring, and consequence – the impact or outcome of an event, are the two components that characterize the magnitude of the risk.

All risk management processes follow the same 5 basic steps, although sometimes different jargon is used to describe these steps. Together these risk management steps combine to deliver a simple and effective risk management process.

Step 1: Identify. You and your team uncover, recognise and describe risks that might affect your project or its outcomes. There are a number of techniques you can use to find project risks. During this step you start to prepare your Project Risk Register.

Step 2: Analyze. Once risks are identified you determine the likelihood and consequence of each risk. You develop an understanding of the nature of the risk and its potential to affect project goals. This information is also input to your Project Risk Register.

Step 3: Evaluate or Rank. You evaluate or rank the risk by determining the risk magnitude, which is the combination of likelihood and consequence. You make decisions about whether the risk is acceptable or whether it is serious enough to warrant treatment. These risk rankings are also added to your Project Risk Register.

Step 4: Treat. This is also called Risk Response Planning. During this step you assess your highest ranked risks and set out a plan to treat or change them to achieve acceptable risk levels. How can you minimize the probability of the negative risks as well as enhancing the opportunities? You create mitigation strategies, preventive plans and contingency plans in this step. And you add the treatment measures for the highest ranking or most serious risks to the Project Risk Register.

Step 5: Monitor and Review. This is the step where you take your Project Risk Register and use it to check, track and review risks.

Risk is about uncertainty. If you put a framework around that uncertainty, then you effectively de-risk your project. And that means you can move much more confidently to achieve your project goals. By identifying and managing a comprehensive list of project risks, unpleasant surprises and barriers can be reduced and golden opportunities discovered. The risk management process also helps to resolve problems when they occur, because those problems have been envisaged and plans to treat them have already been developed and agreed. You avoid impulsive reactions and going into “fire-fighting” mode to rectify problems that could have been anticipated. This makes for happier, less stressed project teams and stakeholders. The end result is that you minimize the impacts of project threats and capture the opportunities that occur.

Vivian Kloosterman is the founder of Continuing Professional Development with over 30 years of professional experience in the fields of professional engineering, business leadership, governance, risk management and project management.

Strengthening the CFO’s Role in Strategic Risk Management

Strengthening the CFO’s role in strategic risk management to lead Capital intensive business in market volatility

Capital Intensive Businesses

Capital-intensive businesses exist with lower margins. Management is always expecting Return on Capital Employed (ROCE) above the cost of capital. The major businesses are Oil & Gas, Infrastructure, Construction, IT etc.

Market Volatility Challenges

Market volatility, ceaseless pressure on margins and demanding stakeholders increase the difficulties of thriving in an increasingly interconnected, interdependent and unpredictable global economy.

Many organizations have yet to adapt to this new state of the economic landscape. Doing nothing is no longer an option – they need to adjust and take action now.

Many organizations are now transforming their businesses to strengthen their organization to save costs, create more client-centricity, restore stakeholder confidence and/or embed new business models.

For many organizations, long-term success depends on the success of these transformation programs. To make it more challenging, the margin for error continues to be small, and the environment in which transformation needs to happen continues to increase in complexity.

Strategic Risk Management

• It’s a process for identifying, assessing, and managing both internal and external events and risks that could impede the achievement of strategy and strategic objectives.

• The ultimate goal is creating and protecting shareholder and stakeholder value.

• It’s a primary component and necessary foundation of the organization’s overall enterprise risk management process.

• As a component of Enterprise Risk Management (ERM), it is by definition effected by boards of directors, management, and others.

• It requires a strategic view of risk and consideration of how external and internal events or scenarios will affect the ability of the organization to achieve its objectives.

• It’s a continual process that should be embedded in strategy setting, strategy execution, and strategy management.

Identifying concrete steps for CFOs to increase involvement in risk management for investment decisions

Concrete Steps to Increase the CFO’s Involvement in Risk Management

• Build a tight link between risk management and other Business Process

• Lead a corporate-level discussion of Risk Preference, Focusing on Risk Choice and select optimal mix

• Use Risk Analytics to communicate investment and strategic Decisions

Build a tight link between risk management and other Business Process

• Focus on foreseeing issues which will emerge in the future instead of current issues.

• On the basis of prioritization, guidelines are to be issued on which business performance metrics would be affected.

• Business planners conduct ad hoc analysis of upside versus risk, focusing most, if not all, of their attention on a single “Center Cut” scenario.

• Highlighting exactly where and how risk will affect the Business Plan

• Incorporating systematic stress testing using macro scenarios which will reflect the possible impact on financial planning

• Applying probabilistic “financial at risk” modeling for major investment decisions in these efforts (cash in hand vs. cash needs)

Lead a corporate-level discussion of Risk Preference, Focusing on Risk Choice and select optimal mix

• It is critical to have clear answers to the following questions before making decisions:

o What is the company’s competence in the market?

o Are the decision makers familiar with the risks involved including the tail risks and understand their potential impact?

o Is the company capable of surviving extreme events?

• Risk appetite articulates the level of risk a company is prepared to accept to achieve its strategic objectives.

• Risk appetite frameworks help management understand a company’s risk profile, find an optimal balance between risk and return, and nurture a healthy risk culture in the organization. It explains the risk tolerance of the company both qualitatively and quantitatively.

• Qualitative measures specify major business strategies and business goals that set up the direction of the business and outline favourable risks.

• Quantitative measures provide concrete levels of risk tolerance and risk limits, critical in implementing effective risk management.

Use Risk Analytics to communicate investment and strategic Decisions

• The CFO plays an important role in the financial and strategic aspects of investments and the evaluation of major decisions. He leads the discussion of rival proposals and solutions and often holds powerful decision rights.

• Major projects with value at stake comparable to total risk from current company operations are discussed and decided with a qualitative list of major risks.

• By defining the right set of core financial and risk analytics to run for each option, the CFO ensures this value at stake is brought to light and debated.


Best Practices applicable for Company’s Financial Health

CFOs have several options to compete more effectively in risk management decisions. Improving returns starts with rethinking where to play, and with four strategic steps that many companies often overlook when it comes to improving performance.

Where to play: A more profit-focused portfolio

• The most pressing issue for leadership teams in capital intensive industries is whether to stay in businesses in which margins have been relentlessly driven down. Many companies are choosing to exit low-profit businesses that once were considered to be core. As they rebalance their portfolios, they are migrating up the value-added chain, investing in related sectors where new technologies can provide competitive advantages.

• Profit pool mapping is an important tool for assessing whether and where it makes sense to do business. In heavy industries, management teams often are so focused on volumes and tonnage that they overlook where the biggest profit pools are. By understanding the sources and distribution of profits across their industry, companies can gain an inside edge on improving returns.

• The premium end of the business typically represents a very large proportion of the profit pool. The best opportunities often cluster there for companies competing in capital-intensive industries.

• Picking the right place to play in the value chain is also critical to improving returns, and the most profitable spot varies across industries.

How to win: Four strategic steps to improving returns

1. Improve the cost base and review capex continually

• In capital-intensive industries where low returns have become endemic, reducing costs and improving capex efficiency are important ways to improve performance. New developing-market entrants in capital-intensive industries have built a strong competitive advantage by keeping capex relatively low. By contrast, the focus on cutting costs at many established players means they sometimes lose sight of improving capex. One way to get the balance right: Develop a more disciplined approach to managing capex, and benchmark the company’s performance against the industry’s leaders.

• Cost discipline makes a critical difference. One-time efforts usually fail to deliver savings that stick, as our research shows. One explanation is that in tough times, management teams are quick to cut costs, but when the cycle swings up, they tend to take their eye off cost improvement and focus on growth-related priorities.

• Developing a rigorous approach to cost improvement and nurturing the right capabilities to optimize working capital can help capital-intensive companies outperform.

2. Build the lowest-cost position

• Geography is another key factor for improving returns. Investing in geographies that offer the lowest landed cost position can create a strong competitive advantage. It’s particularly important in asset-heavy industries where the one-time cost of closing and moving businesses is high.

• The best-performing firms revisit their geographic footprint regularly, as cost dynamics are constantly evolving.

• Companies that can choose the lowest-cost geography up front gain a competitive edge. Those in mature industries need to weigh the short-term downside against the longer-term benefits of reducing complexity.

3. Use mergers and acquisitions strategically

• Smart acquisitions can help improve performance significantly, but many companies get off to a bad start by investing at the top of the cycle, when prices are at their peak, simply because that’s when cash is available. Leadership teams that take a strategic, disciplined and long-term approach to M&A instead of a tactical and episodic approach can improve returns significantly.

• Companies that nurture M&A as a core competence derive the greatest value from them. Their leadership teams devote time to developing a structured roadmap of the most attractive potential targets, making it easier to acquire assets when the right opportunity comes along, and to target acquisitions at the bottom of the cycle.

• Companies that are most experienced in M&A build their capabilities over time. They search hard for merger or acquisition candidates that will add to their operating profit and fuel balanced growth. They pursue nearly as many scope deals as scale deals, moving into adjacent markets as well as expanding their share of existing markets. Most importantly, they create Repeatable Models for identifying, evaluating and then closing good deals. What they typically find is that there are plenty of good prospects to be pursued and that the risk involved decreases with experience.

4. Service ace

• For traditional capital-intensive industries, service can be a highly profitable business in its own right, generating better and faster return on investment than new production facilities, large-scale R&D programs or acquisitions.

• Indeed, for many industrial manufacturers, investing in service is the only way to sustainably grow profits in a tough economic environment. Investing in a service business also lowers capital intensity.

• Investing in a world-class service business can become a strategic ace, elevating a company above competitors in an environment where differentiation on products and cost is difficult to achieve. The range of service opportunities, some larger than others, will vary by industry and company. Here again, mapping profit pools can help identify the potential size of service businesses and those with the greatest returns.

o There is no question that companies in capital-intensive industries operate in a difficult environment today. But leadership teams that commit to a bold ambition have opportunities to break away from the pack and achieve double-digit returns significantly above the cost of capital.

Getting there requires a strategic shift toward a more profit-focused portfolio:

• Find the most attractive profit pools in your businesses.

• Adopt a mindset of continual cost improvement and capex optimization.

• Look for opportunities to drive down the company’s landed cost footprint by investing in the right geographies.

• Develop strong in-house M&A expertise and a structured roadmap of potential deals.

• Invest in related service businesses

Leadership teams that take these steps will not only give returns a powerful boost, they also will help to rebuild competitive advantage and position their companies to win in a changed industrial landscape.

Reengineering Strategies to improve the link Between Risk Management and Business Planning Process

• Business process reengineering is one approach for redesigning the way work is done to better support the organization’s mission and reduce costs.

• Reengineering starts with a high-level assessment of the organization’s mission, strategic goals, and customer needs.

• Within the framework of this basic assessment of mission and goals, reengineering focuses on the organization’s business processes–the steps and procedures that govern how resources are used to create products and services that meet the needs of particular customers or markets.

• Reengineering identifies, analyses, and redesigns an organization’s core business processes with the aim of achieving dramatic improvements in critical performance measures, such as cost, quality, service, and speed.

• Reengineering recognizes that an organization’s business processes are usually fragmented into sub processes and tasks that are carried out by several specialized functional areas within the organization.

• The CFO Act focuses on the need to significantly improve the government’s financial management and reporting practices. Having appropriate financial systems with accurate data is critical to measuring performance and reducing the costs of operations.

Management & Decision Support Structure

• Investigate suggestions for reducing costs and make them practical and acceptable

• Obtain definite prices and costs

• Present recommendations in a comprehensive report

People & Organization

• Organize around outcomes and not tasks

• Have those who use the output of the process perform the process

• Build control into process systems

• Treat geographically dispersed resources

Policies & Regulations

• Develop policies and procedures

• Comply with compliances

• Environmental compatibility

Information & Technology

• Information should go along with the process

• Link all activities

• Capture information at source

• Create reports and real time online updates

Frame for Assessing Reengineering

• Assessing the Organisation’s Decision to Pursue Reengineering

• Reassessing of Its Mission and Strategic Goals

• Identifying Performance Problems and Set Improvement Goals

• Engagement in Reengineering

• Assessing the New Process’ Development

• Appropriately Managing of Reengineering Project

• Analysis of the Target Process and Developed with Feasible Alternatives

• Completion of Sound Business Case for Implementing the New Process

• Assessing Project Implementation and Results

• Following a Comprehensive Implementation Plan

• Executives Addressing Change Management Issues

• New Process Achieving the Desired Results


CFOs need to develop a stronger focus on the economic and performance drivers of their business and need to understand how the effective allocation of scarce resources will help them achieve financial objectives. The CFO must build a performance management capability that can:

• Provide visibility and analysis of information to support resource allocation

• Support the decision-making process by providing the right information to the right people at the right time

• Demonstrate the financial impacts of different decisions and scenarios to enable the organization to predict and compare outcomes

• Incentivize executives and managers to make decisions that maximize marginal contribution

• Enable a data-driven view on resource allocations across the entire value chain (to include corporate strategy; sales, marketing and customer service; supply chain manufacturing and production; finance, HR, legal and compliance)

• Identify the most critical decision points that drive economic performance

With a unique perspective across the entire business, CFOs can provide valuable insight into the decisions that create or protect marginal contribution across the value chain. Armed with a detailed understanding of how and where growth in sales leads to growth in profits, they can offer an objective assessment of fixed and variable costs, and then identify how a reduction in costs can maintain revenues while improving profit contribution.

• Establish a clear, forward-looking line of sight on relevant data for critical decision points

Finance must have access to a robust data set, built around the decisions that drive most economic value in the organization, including assessment of opportunity cost. This demands accurate, verifiable underlying data and an understanding of how the data relates to value chain decisions. This will enable the CFO to conduct scenario planning around these different decision points.

• Develop aligned performance management processes that drive rational decisions

Finance must be able to translate insights and understanding into the desired end product – rational decisions that maximize the desired economic return. Aligning traditional resource allocation processes with business objectives helps ensure repeatability and the sustainability of the organization.

• Ensure compliance and make sure that finance’s voice is heard

The CFO and finance function must be positioned appropriately within the organization to be able to influence decision-making and action. Additionally, finance professionals must improve communication and influencing skills to ensure that their voice is heard and their advice is valued and acted upon.