Risk management
Risk Identification and Analysis
Ing. Šárka Zapletalová, Ph.D.
Katedra Podnikové ekonomiky a managementu
KRIZOVÝ MANAGEMENT

•Risk (Italian risico) - the risk of damage, injury, loss or destruction, or business failure.
Historical term dating from the 17th century.
•Risk is:
–a combination of the probability or frequency of occurrence and consequences of a particular
dangerous event;
–probability or possibility of failure (loss);
–variability of possible results or uncertainty of their achievement; deviation of actual and
expected results;
–the probability of any result other than expected; the possibility of loss or profit.
•Risk management - a systematic and coordinated way of working with risk and uncertainty applied
throughout the company and including all types of risks.
•
Prostor pro doplňující informace, poznámky
Risk

•Internal and external economic risks
•Production (technological) and technical risks
•Social work risks
•Information risks
•Supplier risks
•Political risks
•Market risks
•Legislative risks
•Natural hazards
•
Prostor pro doplňující informace, poznámky
Risk Classification

•Risk management is an area of management focused on analyzing and reducing risk, using a variety
of risk prevention methods and techniques that eliminate existing or reveal future risk-increasing
factors. Risk is a ubiquitous and characteristic accompanying phenomenon of the functioning of
organizations in today's turbulent environment.
•Risk management is a systematic, repetitive set of interrelated activities aimed at managing
potential risks, ie reducing the likelihood of their occurrence or reducing their impact on the
organization and its goals.
•The purpose of risk management is to prevent problems or negative phenomena, to avoid crisis
management and to prevent problems from arising.
•
Prostor pro doplňující informace, poznámky
Risk Management

•Crisis management works with negative developments that are already being implemented. Risk
management is trying to capture all possible variants at a time when they are so far only
theoretical.
•And it is at this point that crisis management and risk management are connected.
•The issue of risk management, control and regulation is a complex matter. Therefore, it is beyond
the power of the individual, however active, to cover this whole set of problems. For this reason,
crisis management and risk management teams began to emerge in companies
•Risk and crisis management consists in the fact that by fully understanding it and capturing it in
time, we can redirect negative developments through appropriate interventions through its
stabilization to their full management. In this way we can save many values, which will be saved by
well-applied interventions.
Prostor pro doplňující informace, poznámky
Risk Management

Risk management consists of several interrelated phases - according to various methodologies, 4, 5,
6 or 8 are distinguished from them. 6 basic phases are most often used, namely:
•risk identification
•risk analysis
•risk evaluation
•risk mitigation
•risk monitoring and review
•
•
Prostor pro doplňující informace, poznámky
Risk Management

Prostor pro doplňující informace, poznámky
Řízení rizika


Risk identification
•Crisis management, together with unreliability, deals with the possible emergence of a risky
situation. In order for this to be recognized, it is necessary to be able to properly describe the
risk and define it.
•The first step in the risk reduction process is to know their properties.
•To identify hazards and hazard scenarios, a good imagination and the ability to predict even such
phenomena, or events about which little or nothing is known so far. This applies in particular to
objects or processes where new technological processes, new materials or new technologies are to be
applied in the implementation.
•However, attention must also be paid to objects, or processes which, under normal conditions, are
not exposed to any danger, but in specific conditions may become significant recipients of risk.
Prostor pro doplňující informace, poznámky
Risk Management

Risk identification
•The concept of danger has two basic features:
–it relates to the future - it is necessary to think about the danger that arises, not about what
could have happened;
–it is vague - an adverse event that is known to occur is certainly not a danger but a fact that
can be actively or passively dealt with.
•Both of these features manifest themselves in the identification of hazards and hazard scenarios,
depending on the context in which the identification takes place.
•The context is the relationship of the hazard assessor to the object or process. The hazard
assessor will have a different relationship to the risk of fire and collapse of the industrial
production plant if he is in the position of: top management, building manager, engineer who
designed the plant, construction contractor who carried out the plant, local politician before the
election, local politician after elections, a disabled worker in the factory, other employees of
the company, etc.
Prostor pro doplňující informace, poznámky
Risk Management

Risk identification
•Different perceptions of danger have a significant influence on people's decisions and behavior.
There are many different situations where people perceive danger only partially or do not perceive
it at all.
•The perception of danger can be relatively easily influenced by different means in different
circumstances and, of course, with different goals.
•The area of serious influence includes information to the recipients, or risk holders about the
danger, its manifestations, the consequences of implementation, prevention, etc.
•The opposite of this influence is, for example, the spread of alarming messages and intimidation
of the population aimed at causing panic, political, religious, commercial propaganda, etc.
Prostor pro doplňující informace, poznámky
Risk Management

Risk identification
•The result of the perception of danger is the degree of tolerance of people to danger or risk. As
hazard identification (also hazard classification and risk quantification) is not an independent
process for humans, the very perception of danger must be taken into account when making decisions.
Above all, it is necessary to consider what analysts and experts consider to be an acceptable
hazard, ie to estimate an acceptance threshold.
•There are three basic levels of risk tolerance.
–Risk aversion. The person is interested in suppressing all dangers so that losses from their
implementation are minimal. He is often even so interested at the cost of increased non-refundable
costs. (Risk aversion is a necessary condition for the creation of an insurance contract.)
Prostor pro doplňující informace, poznámky
Risk Management

Risk identification
•
•Prone to risk. The person is interested in entering the danger, because he is interested in using
the risks offered. The propensity for risk leads a person to look for highly risky variants that
have a hope of a good result.
•
•Neutral attitude to risk. For a person with a risk-neutral attitude, risk aversion and propensity
are in balance.
Prostor pro doplňující informace, poznámky
Risk Management

Risk identification
The following questions should be asked at the beginning of each risk identification:
•What adverse events can occur? (radical interruption of the company's operation caused by
sabotage, strike, flood, fire, insolvency of customers, non-application of products / services on
the market, etc.)
•What is the probability of adverse events? (the six adverse events defined above are classified in
the company from least probable to most probable)
•If an adverse event occurs, what are the consequences? (damage to property, interruption of
activities in selected establishments of the company, destruction of production, lack of funds,
imposition of bankruptcy).
Prostor pro doplňující informace, poznámky
Risk Management

Risk identification
•In order to facilitate the identification of hazards and a more effective understanding of risk
analysis procedures, it is useful to organize hazards into groups, the criterion for classification
being primarily the source from which the hazard originates.
•Several basic hazard groups can be distinguished:
–Technological dangers. (Industrial, transport, energy, chemical, electrical, nuclear, electronic,
communication, etc.)
–Economic dangers. (Insolvency of debtors, obsolescence of technology, volatility of markets,
general changes in values ​​in society, collapse of financial institutions, privatization,
scarcity, overproduction, etc.)
–Political dangers. (Violent changes in the political system, civil unrest, occasional initiatives,
terrorism, demographic development, nationalism, totalitarian regime, etc.)
–Social danger. (Crime, fraud, sabotage, squatters, vandalism, unemployment, etc.)
–Legal and regulatory dangers. (Laws, standards, contracts, lawyers, courts, arbitrators, experts,
etc.)
Prostor pro doplňující informace, poznámky
Risk Management

Risk identification
•Climatic hazards. (Short - term weather events, long - term fluctuations in weather conditions,
climate change, etc.)
•Geological hazards (Seismicity, landslides, sedimentation of soils, groundwater, undermining,
etc.)
•Environmental hazards. (Acid rain, biological damage, electric shocks, meteorites, etc.)
•Physiological hazards. (Epidemics, pandemics, human and animal health, excrement of living
organisms, etc.)
•Psychological dangers. (Subconscious fear, panic, perceived fear, influence by unscientific
theories, etc.)
Prostor pro doplňující informace, poznámky
Risk Management

Risk identification
•
Furthermore, it is possible to group risks according to the general classification into groups and
mark them as critical, important and less important (common):
•critical risk - all threats, the potential losses of which are of such an order that they will
result in the bankruptcy of the company (war conflict, change of legislation);
•important risk - a threat, the potential losses of which will not result in bankruptcy, but
further operation will require the company to borrow funds (natural disaster, embezzlement,
collapse of financial markets);
•common risk - a threat whose potential losses can be covered by the company's current assets or
current income without undue financial pressure (employee strike, lightning strike, short circuit).
Prostor pro doplňující informace, poznámky
Risk Management

Risk analysis
•Risk analysis is usually understood as the process of defining threats, the probability of their
realization and the actual impact of risk realization, ie the determination of risks and their
severity.
•The risk usually does not exist in isolation, but it is usually certain combinations of risks that
may pose a threat to the company in their impact.
•Given the number of risks, priorities need to be identified in terms of impact and likelihood of
their occurrence, and focus on key risk areas.
•It can be said that the risk is greater in some situations than in others. The level of risk
arises from the value of the affected assets, persons, processes, the level of threat and
vulnerability.
•
Prostor pro doplňující informace, poznámky
Risk Management

Risk analysis
•
•Risk analysis works with variables that in many cases cannot be accurately measured and the
determination of their size is often based on a qualified estimate by a specialist, expressed only
on the basis of his experience (usually terms such as "small", "medium", "large" or scale). 1 to
10).
•In the case of an individual, we measure the risk according to the probability of an unfavorable
deviation from the result we hope for.
•In the case of a large number of units exposed to risk, estimates can be made of the probability
of occurrence of a given number of losses.
•Based on these estimates, it is possible to formulate a forecast. The expectation here is that a
predicted amount of losses will occur.
Prostor pro doplňující informace, poznámky
Risk Management

Risk analysis
•
In practice, two basic approaches to risk analysis are promoted:
•Quantitative methods are characterized by the fact that the risks are expressed to a certain
extent (for example, they are scored <1 to 10>, or determined by the probability <0; 1> or verbally
<small, medium, large>).
•Qualitative methods are simpler and faster, but more subjective. It usually presents problems in
the area of risk management, in assessing the acceptability of financial costs necessary to
eliminate the threat, which can be characterized by a qualitative method, such as "large to
critical".
•The lack of a clear financial statement makes it cost-effective to control cost-effectiveness.
Prostor pro doplňující informace, poznámky
Risk Management

Risk analysis
•Quantitative methods are based on a mathematical calculation of the risk and frequency of the
threat and its impact.
•They usually express the impact in financial terms as thousands of CZK. The risk is most often
expressed in the form of an annual expected loss, which is expressed as a financial amount.
•Quantitative methods are more accurate; Although their implementation requires more time and
effort, they provide a risk statement that is more beneficial for their management.
•To support the implementation of quantitative risk analysis, special tools are usually used,
usually in the form of programs, often with a database of information, in which the methodology and
procedure for performing risk analysis is already in place. There are currently a number of these
tools.
Prostor pro doplňující informace, poznámky
Risk Management

Risk analysis
•
•Semi-quantitative assessment uses qualitatively described scales, which are assigned numerical
values, the combination of which determines the degree of risk.
•It serves as a starting point for safety measures in operation (eg point method).
•The result of the risk analysis is the determination of the degree of individual risks,
represented by a combination (product) of the severity of the consequences (N) and its probability
(P).
Prostor pro doplňující informace, poznámky
Risk Management

Risk analysis
Risk analysis with different number of parameters
A. method with two parameters:
•1. evaluation of the probability of the incident and its impact (only 2 PI parameters -
probability of incident and D - impact)
•2. calculation of the risk level R according to the relation R = PI x D P –
•
•Probability of origin and existence of risk
1) Random
2) Unlikely
3) Probable
4) Very likely
5) Permanent
Prostor pro doplňující informace, poznámky
Risk Management

Risk analysis
Risk analysis with different number of parameters
B. method with three parameters
•1. construction of the vulnerability matrix (value of asset A depending on the probability of
threat T)
•2. calculation of the risk level R according to the relation R = T x A x V, where V is the
vulnerability
•3. preparation of the risk matrix from the calculated values (value of asset A depending on the
probability of threat T)
•4. setting boundaries for different degrees of risk R –
Risk level
1)0 - 10: Insignificant risk
2)11 - 20: Acceptable risk
3)21 - 30: Moderate risk
4)31 - 60: Undesirable risk
5)61 - 120: Unacceptable risk
Prostor pro doplňující informace, poznámky
Risk Management