Unit IV Risk Management Essay

BBA 4226, Risk Management

UNIT IV STUDY GUIDE
Managing Security and Risk – Risk Identification, Tolerance, and Sensitivity

Course Learning Outcomes for Unit IV

Upon completion of this unit, students should be able to:

1. Examine the elements of the risk management process.
   1.1 Outline how cultures, structures, and processes impact the risk management process.
2. Analyze the parameters used to categorize risks.
   2.1 Outline how risk measures have developed and evolved over time.
   2.2 Outline qualitative and quantitative measures of risks.

Course/Unit Learning Outcomes    Learning Activity
1.1                              Chapter 8 reading; Unit lesson; Unit IV Essay
2.1                              Chapter 9 reading; Unit lesson; Unit IV Essay
2.2                              Unit lesson; Unit IV Essay

Reading Assignment

Chapter 8: Cultures, Structures, and Processes
Chapter 9: Tolerability and Sensitivity

Unit Lesson

In a previous unit, we briefly touched on the causes of risks and covered a process proposed by the Department of Homeland Security called Threat and Hazard Identification and Risk Assessment (THIRA). The THIRA process needs to be executed within the context of an entity as the identification and assessment of risk varies from organization to organization. Risk identification is based on the environment in which the organization exists. Newsome (2014) notes that unique cultures, structures, and processes determine the type of risks, tolerance, preparedness, and mitigation approach needed for a proper risk management strategy.

Risk is Everywhere

Individuals and organizations need to realize that risk is ever present wherever you are. The nature and type of risks also change over time. Organizations must be aware that risks evolve, and the old ways of dealing with risk become dated, requiring new and changing methods to deal with potential risks. Most organizations tend to deny risks by not acknowledging their existence. Others take the opposite approach and fight risks by acquiring all types of insurance protection and applying risk avoidance strategies. Neither of these approaches positions organizations to benefit from the presence of risks. Many organizations accept the existence of risk by finding ways to estimate its benefits and consequences by mapping out the best strategy to manage it. Thus, organizations must find ways to take advantage of risks rather than defining them as adversaries.

In the last decade, risks have become more global as business and economies have expanded across international boundaries. The expansion of business and the interconnectedness of the global economy have made global markets more susceptible to localized events. Consider the following example. In early 2007, investors in the United States woke up to learn that the stock market in Shanghai had lost nearly 10% of its value, sending a ripple effect to the U.S. stock market and causing the Dow Jones Industrial Average to drop a little more than 400 points. This event caused other markets around the world to lose their value.

In today’s global markets, risks cut across sectors. If one sector is affected, it has spillover effects on other sectors as well. An example is the sub-prime mortgage debacle of 2008. As more credit was provided to customers with poor credit, other markets were also exposed to risk. The sub-prime loan market affected the real estate market, which in turn had a negative effect on advertising companies that relied heavily on the lender industry for sources of revenue.

Thus, as risk becomes more global and cuts across all sectors, individuals and organizations are less risk tolerant, and the sensitivity of risk is greater. Furthermore, with the ubiquity of the Internet and the speed at which news travels around the world, fewer and fewer organizations are considered risk averse. Individuals and businesses must see risk as a threat but also as an opportunity.
Risk and Tolerance Perception

Thus far, we have defined risk as the probability of injury, damage, or loss under specific circumstances. However, this definition may be incomplete in determining the identification of risk as our perception of risks also plays a role within the definition of risk. If we recall from a previous unit, risk has two ingredients: uncertainty and outcome. The measure of risk could therefore be objective. For example, if a person jumps out of a plane in midair without a parachute, there is no risk present based on the definition. Throughout history, it has been proven that many individuals are attracted to risks, some more than others.

However, at the same time, there is evidence that individuals also avoid risks both from a physical and financial perspective (Damodaran, 2008). Thus, the same individual that bungee jumps for pleasure may refuse to invest in the stock market because he or she considers investment too risky. Damodaran (2008) posited that risk exposure depends on the perceived utility of the risk. That is to say, the value attached to the risk varies from individual to individual. For example, the risk of investing $10,000.00 in the stock market is perceived as high to a poor man as compared to a rich man’s view of low risk. Risk exposure and risk aversion are perceived differently depending on the individual or organization. Thus, risk perception is contextual.

Risk tolerance refers to the amount of uncertainty an individual or organization is willing to take when embarking on an endeavor or initiative. Risk tolerance is also contextual. It is represented based on acceptable or unacceptable outcomes. Many times, these outcomes are measured in minimum and maximum levels the individual or organization is willing to tolerate. For example, in the investment of $10,000 in the stock market above, the individual with less means may not be able to accept the outcome of losing all of his or her money in the stock market whereas the wealthy individual could accept it.

Risk appetite and risk tolerance are defined by the risk culture within an individual or organization. Risk culture refers to the norms and traditions of individual and organizational behavior that determine the approach, understanding, and actions towards risks individuals or organizations take. Risk appetite and risk tolerance are often used interchangeably, but they are not the same. Table 1 outlines the definitions of both terms.
Source: ISO Guide 73:2009 Risk management vocabulary
  Risk Appetite Definition: Amount and type of risk an organization is prepared to pursue or take.
  Risk Tolerance Definition: An organization’s readiness to bear the risk after risk treatments in order to achieve its objectives.

Source: Newsome (2014)
  Risk Appetite Definition: Risk appetite is the level of risk an organization is able to accept or sustain.
  Risk Tolerance Definition: Risk tolerance implies that we are prepared to live with the risk without further action.

(International Organization for Standardization, 2009)

Table 1. Definitions of Risk Appetite and Risk Tolerance

Measuring Risk

How do we quantify risk? As we know, risks matter, and in order to make proper decisions, measuring risk is a critical activity toward managing it. Quantifying risk implies that we must use probability to calculate the odds of an event (risk) taking place. Risk quantification refers to the process of evaluating identifiable risks and calculating the data needed for decision-making processes. We can take two approaches to quantifying risks.

The first one, as we noted in a previous unit, is a qualitative approach. A qualitative approach categorizes risks using levels of high, medium, and low (see Figure 1). Qualitative methods do not provide a precise measurement, but provide an idea of the level or significance of risk (high, medium, or low). Figure 1 expands on Unit II’s concept of a matrix by depicting a three-level classification of risk likelihood: high, medium, and low. The matrix also outlines risk impact as serious (high), moderate (medium), and minor (low). The fundamental approach to qualitative risk identification is in addressing a sense of priority for each risk (Pinto, 2016).

The second is a quantitative method. A quantitative approach attaches numerical values to risks and the critical risks can then be assessed from these numbers for the significance of the impact attached to each risk (see Table 2).
Numerical methods for measuring risk include statistical techniques, computer simulations, decision trees, and expected value analysis among others (Pinto, 2016).

Figure 1. Classifying Risks

A quantitative risk assessment can be illustrated by assigning specific numerical values to each risk. Given the Figure 1 qualitative matrix, we can assign the following to a given project:

Probability of Failure Categories    Numerical Values
Maturity (Pm)                        Moderate = 0.30
Complexity (Pc)                      Minor = 0.20
Dependency (Pd)                      Moderate = 0.30

Consequence of Failure Categories    Numerical Values
Cost (Cc)                            Significant = 0.50
Schedule (Cs)                        Moderate = 0.30
Reliability (Cr)                     Minor = 0.20
Performance (Cp)                     Moderate = 0.30

Table 2. Numerical values assigned to risks

According to Pinto (2016), a qualitative risk factor formula commonly used is Pf + Cf - (Pf)(Cf), where Pf is the probability of failure and Cf is the consequence of failure. The Pf is calculated by adding the three risk identification categories in P and dividing by 3: Pf = (Pm + Pc + Pd)/3, or as in our example Table 3, (0.3 + 0.3 + 0.3), or 0.9/3 = 0.3. Likewise, Cf is derived by adding all categories in C and dividing by 4: Cf = (Cc + Cs + Cr + Cp)/4, or (0.5 + 0.3 + 0.2 + 0.3)/4, or 1.3/4 = 0.325. Thus, when calculating the quantitative risk factor, we have:

Pm      Pc      Pd      Pf
0.30    0.30    0.30    0.3

Cc      Cs      Cr      Cp      Cf
0.60    0.30    0.20    0.30    0.325

Risk Factor = (0.3) + (0.325) - (0.3)(0.325) = 0.624 (High Risk)

Table 3. Risk Factor calculation

The rule of thumb for labeling risk levels could be: low risk is where RF < 0.20, medium risk is where RF is between 0.20 and 0.60, and high risk is where RF > 0.60. Let us keep in mind that this is only a simplified method to quantify risk. Other more complex models exist, specifically in the financial markets, where statistical risk models include power law and asymmetric distribution models to quantify and predict risk metrics over time.
It should be mentioned that even though more complex risk models have surfaced, the more traditional ones are still widely used.

Summary

In order to manage risk, we must be able to measure it. There are two specific ways to measure the level of risk in an event or action. The first one is a qualitative approach in which risk is measured based on qualitative criteria such as low, medium, or high probability and the consequences of a risk taking place (see Figure 1). Although a qualitative approach is less precise, most organizations and individuals use this method to measure risk levels. The second approach is a quantitative approach where risk categories are assigned values on the probability and consequence of risks. More complex models to measure risks exist, specifically in the financial industry.

References

Damodaran, A. (2008). Strategic risk taking: A framework for risk management. Upper Saddle River, NJ: Pearson.

International Organization for Standardization. (2009). ISO Guide 73:2009 Risk Management Vocabulary. Retrieved from http://www.iso.org/iso/catalogue_detail?csnumber=44651

Newsome, B. (2014). A practical introduction to security and risk management. Thousand Oaks, CA: Sage.

Pinto, J. K. (2016). Project management: Achieving competitive advantage (4th ed.). Upper Saddle River, NJ: Pearson.