Embed Size (px)
Citation preview
1
CRISIS MANAGEMENT
2
Content
Introduction .......................................................................................................................................... 4
Management - basic terms ................................................................................................................... 4
Manager functions............................................................................................................................ 4
Manager responsibilities .................................................................................................................. 4
Organizasion lifecycle .......................................................................................................................... 5
Crisis ................................................................................................................................................ 6
Characteristics of a Crisis ................................................................................................................ 6
Time period of crisis ....................................................................................................................... 7
Threats .............................................................................................................................................. 8
Types of crisis .................................................................................................................................. 8
Crisis situation.................................................................................................................................. 9
Crisis couses ..................................................................................................................................... 9
Symptoms....................................................................................................................................... 10
Crisis Warnings .............................................................................................................................. 11
Logical sequences of crisis ............................................................................................................ 12
Crisis management ............................................................................................................................. 13
Crisis management definition ........................................................................................................ 13
Effective crisis management team ................................................................................................. 13
Approaches to crisis ....................................................................................................................... 14
The escaping approach ............................................................................................................... 14
Solving approach........................................................................................................................ 15
Proactive approach ..................................................................................................................... 15
The reactive approach ................................................................................................................ 15
The Interactive approach ............................................................................................................ 16
Tasks of crisis management during crisis ...................................................................................... 16
Management mistakes .................................................................................................................... 16
Crissis communication ....................................................................................................................... 17
Crisis management methods .......................................................................................................... 18
Crisis management plan ................................................................................................................. 18
Rehabilitation process of a company ............................................................................................. 19
RISK................................................................................................................................................... 21
History ............................................................................................................................................ 22
Risk definition ................................................................................................................................ 22
Risk identification .......................................................................................................................... 22
Business risk - definition............................................................................................................ 22
General risk types........................................................................................................................... 23
Classification of business risks ...................................................................................................... 23
Characteristics of risks ................................................................................................................... 25
Hazard vs risk................................................................................................................................. 26
3
Risk assessment.................................................................................................................................. 26
Steps of risk control ....................................................................................................................... 26
Definition ....................................................................................................................................... 27
Risk assessment flow diagram ....................................................................................................... 27
Risk analysis .................................................................................................................................. 28
Qvalitative methods ................................................................................................................... 29
Qvantitative methods ................................................................................................................. 29
Risk matrix ................................................................................................................................. 30
Risk management ............................................................................................................................... 32
Definition of risk management ...................................................................................................... 32
Risk management - principles ........................................................................................................ 32
Basic strategies in risk management .............................................................................................. 34
4
Introduction The nature of the crises has changed. Today's crises are different from those of the past. The
frequency, types and forms of crises affecting businesses are now increasing. In the past, crises most
often developed slowly, and most of them were able to prevent or dull their effects through
professionally guided planning. These aspects place increased demands on management, which must
be able to respond quickly and in a timely manner to an unfavorable situation, and if a company is
going through a crisis, it must ensure the necessary tools to overcome the crisis development in the
company.
Management - basic terms Management is the organizational process that includes strategic planning, setting objectives,
managing resources, deploying the human and financial assets needed to achieve objectives, and
measuring results.
Management also includes recording and storing facts and information for later use or for
others within the organization.
Management functions are not limited to managers and supervisors. Every member of the
organization has some management and reporting functions as part of their job.
Manager functions
Management development is very closely related to French industrialist Henri Fayol. He formulated
five functions and fourteen management principles. These functions and principles are almost fully
applicable even in crisis management conditions [5].
• prediction(taking into account future objectives and procedures to achieve them);
• organization (provision and utilization of material and human resources),
• assignment(allocation tasks and instructions to subordinates),
• coordination (harmonization of activities of individual workers),
• control (verifying the compliance of the plan and the facts and adopting the corresponding
conclusions).
Manager responsibilities
Every crisis manager should know exactly [5]:
what is his role (what, where and when to do it),
for which he is personally responsible,
to whom it is subordinate or superior,
what duties, but also rights.
5
Organizasion lifecycle Each enterprise exists in a particular business environment, which can be considered appropriate if
the market mechanism actually operates and, based on supply and demand and the economic policy
of the economic center, production factors are effectively valued. If this situation is disturbed, there
are various problems in companies and consequently a crisis.
The cycle consists of five phases:
Establishment - There are only expenses, the company consumes the investment
Growth - expenses exceed revenues, the company is in loss
Stabilization - revenues exceed expenses, the company is profitable
Crisis - incomes fall below the level of expenses, the company gets into loss
Termination - the company can not handle the crisis, the loss is unbearable, business ends
In the life of long-lived enterprises (organizations) different phases take their turn . Many companies
have several repeat cycles and even after a long time may not get to the stage of termination, while
many companies undergo only one cycle and then it terminates. Long-term maintenance of the
organization in a stable phase is the main task of managers at all levels.
6
Crisis
The word crisis comes from the Greek word krinein, which means to decide.
It refers, in other words, to a decisive phase in a sequence of events and was often used in the past to
describe the phase in the course of an illness that meant a decisive turn for the better or the worse.
It is virtually impossible to capture every aspect of a crisis in a single definition. What we are
talking about here, however, is a situation that overwhelms society’s problem-solving resources, that
threatens to tear society’s control systems apart, and which can hence devastate the day-to-day lives
of a great many people.
Тhe term "crisis" associate categories such as failure, conflict, crisis, disaster or loss, extreme
situation, catastrophe, threat, surprise others.
Crisis is a term that refers to a specific period of running an organization when it is threatened its
existence, or its employees lives, its property and other values.
Any undesirable development or a situation where a fundamental opinion, a fundamental measure is
to be taken, can be considered a crisis. The crisis can also be defined as a certain stage in the
development of the system, followed or during which a substantial decision must be taken on the way
forward.
Characteristics of a Crisis
A crisis can be categorised as ‘sudden’ requiring immediate response and recovery or ‘smouldering’
which gradually builds up. A sudden crisis will often occur from external threats, whereas a
smouldering crisis will typically result from internal organisational problems. A smouldering crisis
has potential to be controlled if identified early enough. Whilst each type of crisis has their own set
of unique characteristics, impacts may be the same for both.
A sudden crisis is:
Unpredictable, unexpected
Can happen any time
High degree of instability
Potential for extreme negative results
Management attention, time and energy required
Brings about change
A smouldering crisis is:
Starts slow
Becomes public
7
May escalate to crisis
Protracted
Perceived as the fault of a firms’ leadership
Results in fines, penalties, legal costs
Time period of crisis
There is a parts of crisis phenomena:
" Pre-crisis " characterized by risk factors and failures (symptoms of the crisis); crisis situations of
different types;
"Crisis" - for all types of crises, in particular as a result of the interaction of local crises - the system,
the stratum is a crisis,
" Post-crisis " - a state of the system that has overcome (in one way or another, including - by means
of liquidation) the crisis. [Balog]
I. The pre-crisis phase consists of the following phases:
1. Avoiding the crisis - is based on knowledge of the financial and economic condition of the company
and subsequent implementation of prevention. The analysis of the company is focused on the forecast
of the future state and trends of development.
2. Preparing for a crisis aimed at identifying hazards and risks to business activity and existence. The
preparedness of the company for a possible crisis is associated with the following advantages:
II. The crisis phase includes the following phases:
3. Recognizing the crisis from normal fluctuations in business results is a difficult process. A
company is considered healthy without any doubt about its future.
Post-crisis
Pre-crisis crisis crisis
preparing crisis
recognition
crisis
stabilization
resolution of
the crisis use of crisis
avoiding the
crisis crisis
life
cycle
8
4. The stabilization of the crisis shall consist of identifying the processes by which the undertaking is
aware that it is in crisis and the processes by which it responds to the crisis and adapts to the need for
change.
5 The resolution of the crisis occurs when the diagnosis confirms the crisis in the company. The
intensity of interventions and measures taken by the undertaking to deal with the crisis must be
commensurate with the seriousness of the undertaking's problems.
III. The post-crisis phase consists of:
6. The use of crisis is a prerequisite for successful management of the following problems and crisis
situations in the company.
Threats
The taxonomy of threats in crisis management involves the assignment of threats to specific groups,
which characterise a given threat. From the perspective of crisis management, not all groups will be
prioritised in the same way. While conducting a threat analysis as part of crisis management, the first
step is to locate the threat by taking into account its source, and then its destructiveness level and
spatial extent
Types of crisis
The local crisis covers a particular subsystem of the enterprise, and its results are largely reflected in
the work of the entire enterprise.
9
Systemic crisis - a crisis that encompasses all the subsystems of enterprises and suspend its activities.
Predictable (logical)crises come as a stage of development; they can be predicted and caused by
objective reasons. Before such crises, enterprises prepare and shape crisis plans predominantly.
Unexpected crises are more significant and create greater risk for the company's existence.
Unexpected crises are often the result of gross mistakes in management, or any unexpected large-
scale natural phenomena, or rigid economic dependence, which contributes to the expansion and
spread of local crises.
Crises could be also deep and light.
Deep, sharp crises often lead to the destruction of various structures of the socio-economic system.
They run difficult and uneven; often accumulate a lot of contradictions.
Light, soft crises proceed more consistently and painlessly, they can be predicted, easier to
manage.
There are also crises explicit and latent (hidden). The first proceeds noticeably and easily
manifested. The second one is hidden, proceeding relatively unobtrusively and therefore the most
dangerous.
Crisis situation
Another important and very often used term in crisis management is the crisis situation.
Crisis is the time and space defined or limited by the course of phenomena and processes after the
disturbance of the equilibrium state of social, natural and technological systems and processes that
endanger people's lives, environment, economy, spiritual and material values of the state or region
and its inhabitants
A crisis situation is a situation which, by its nature, negative effects and extent, seriously
disrupts or changes the economic or social functioning of a state, territorial unit or a specific entity.
The crisis situation always represents a loss for the company and its inappropriate or no solution can
lead to the termination of the business
Crisis couses
Practice confirms that businesses are in crisis every four to five years. The crisis is therefore
a natural and inevitable part of the existence of any business. In general, the causes of enterprise crisis
can be divided into two basic groups:
EXTERNAL CAUSES
Market changes affecting businesses
Political decisions
10
Business environment changes
Natural disasters
INTERNAL CAUSES
Unbalanced management and board structure
Management deficiencies
Slow response to change
Lack of information
Lack of transparency
The six basic features of the corporate crisis can be defined as follows:
An enterprise often has less information about a problem than a counterparty.
There has been a strong public and media interest in the issue.
There are surprising situations.
The situation has unexpected and rapid development.
The inability of the company to fully influence the publicity of the topic.
Managers and executives feel panic and worry about further development.
All crises, do not always arise unexpectedly and unpreventably; they warn the managers through
many signs and symptoms
Symptoms
Symptoms are signals (signs) that can indicate a possible crisis in a company or foresee one.
Detecting them in time by implementing the proper preventive actions and timely curative activities
can mitigate the effects of the already existing crisis or even prevent its occurrence.
This is why it is of the utmost importance that signals such as these are not overlooked, disregarded
or underestimated, although these should not be confused with the actual causes of a crisis.
stage
stability
disturbance
limit
stability
reversal
limit
stability
symptoms acute chronic resolved
peak period of the crisis
time
11
Symptoms occur in different areas and often appear to be combined and linked together. It is very
important to take into account that there is a time gap between their emergence and occurrence
(process, appearance) towards which these signals point. Due to this, it is all the more dangerous if
the company does not perceive these warning signals or disregards them. When the signals are
perceived, they are to be analyzed and interpreted in order to determine causes for the emergence of
the events which indicate them, and to do away with or abate the causes by using proper measures
and approaches [18].
Crisis Warnings
Before they occur, the majority of crises sends a trail of early warning signals, which announce
the possibility that a crisis will take place. These signals are sometimes very weak or hard to detect.
The following are some limitations of the crisis warnings:
• Weak or subtle signals
• Sources of crisis signals not viewed as credible
• Signals or threats embedded in routine messages
• Risk/threat messages systematically distorted
• Signals not reaching the appropriate persons
Companies, similar to individuals, try to deny their weaknesses. The reasons why organizations do
not engage in a proper crisis management are often:
• Denial—Organizations deny that they might be vulnerable to threats of imminent crisis and, thus,
decide that no measure is to be taken.
12
• Disavowal—Organizations recognize that a crisis will affect the organization, but its impact is
considered to be too small to be taken into consideration; in other words, the magnitude and
importance of the crisis are significantly diminished.
• Grandiosity—Organizations presume that “we are so big and powerful that we will be protected
from the crisis.”
• Idealization—Organizations consider that crises do not happen to good organizations, thus ignoring
all existing signals of crisis.
• Intellectualization—Organizations minimize the probability of occurrence of a crisis.
• Compartmentalization—The organization believes that if a crisis should affect the company, it will
affect only some departments.
Logical sequences of crisis
Each managed crisis is characterized by a logical sequence of steps aimed at preventing a latent and
acute crisis from occurring, or at least reducing its negative effects. The length of individual phases
of crisis development varies from one to another. There are three options for a managed crisis.
the course of crisis subdued at the stage of symptoms
the course of crisis subdued after the onset of the first symptoms
Fully managed crisis
According to surveys, management and employees are most responsible for the emergence of
business crises.
All crisis management techniques, methods, and plans are based on the question,
"What's the worst that can happen?"
potential
crisis elimination of symptoms
resolution
of crisis
reducing the
probability of next
crisis formation
potential
crisis
resolution
of crisis
reducing the
probability of next
crisis formation
latent
crisis removing the first symptoms
potential
crisis
resolution
of crisis
reducing the
probability of next
crisis formation
latent
crisis
acute
crisis
13
Crisis management All crisis management techniques, methods, and plans are based on the question, "What's the
worst that can happen?"
Having the right crisis management team can mean the difference between survival and disaster
Crisis management definition
Crisis management is a special managerial discipline that focuses on business management
(also project management etc.) in case of crisis. It is focused on preparation for a crisis situation and
on prevention of these situations.
If the organization already finds itself in a crisis situation, it follows the crisis plan.
The basic principles of the crisis management system are:
One of the main features of crisis management should be perception of crisis signals and
prevention of crisis, when detected
early diagnostics of the crisis phenomena of the enterprise;
the urgency of responding to various crisis phenomena;
the adequacy of the company's response to the degree of real threat to its livelihoods;
full implementation of the internal capacity to cope with the crisis.
The manager must be able to predict the causes and source of crisis situations and have a reserve in
advance of a projected mechanism for their modeling and solution in order to choose acceptable
options based on available resources and criteria of advantage.
Management in a crisis situation requires managers to
analyze,
plan,
organize,
direct and control a range of interrelated operations
making quick and rational decisions on urgent problems that arose before the firm.
Effective crisis management team
To build an effective crisis management team you need a combination of people, tools and
structure aligned with the following:
1. A common mindset among team members
2. Training
3. Recognition of weaknesses, hazards, opportunities, threats, strengths, underlying plans
14
4. Active analysis including situational awareness and communication
5. Focused efforts that build credibility
6. Flexible structure that supports long-term functional needs
The overcoming of crises depends on the methods of analysis of crisis situations and the
availability of specialists in the field of crisis management. Management's professionalism is not
limited to the skills of a normal, successful management
Approaches to crisis
In practice, construction companies can use different approaches to prevent crises. These can
be summarized as follows
The escaping approach
This is the approach, which involves the aim of protection from the effects of the crisis and, if
possible, to never enter into a crisis.
The main essence of this approach is;
to define that factors affecting the organizations to enter into a crisis
understand the aims and thoughts, which are accepted by the organizational management for
eliminating the effects of those factors.
The approach of escaping from the crisis, include the strategies to soften the undesired situations and
to avoid them.
Crisis Management
Approaches
The Escaping Approach
The Solving Approach
The Proactive Approach
The Reactive Approach
The Interactive Approach
15
Solving approach
This approach depends both on the prediction of conditions before a crisis and on a timely move for
the problem resolution during a crisis.
In addition, some efforts such as the systematic compilation of information for effective decisions,
extra opportunities for staff in different levels, the reduction of the time pressure, and the detailed
identification of sources of a crisis should be made.
Proactive approach
According to this protective approach, top management should produce alternative solutions against
potential crises. Because of preventive measures, companies that can adapt their production and
marketing activities to crisis conditions can financially be successful while their competitors are in a
panic.
For developing such an approach, items presented below should be fulfilled,
Providing correct and adequate information,
Determining risks,
Establishing early warning systems,
Making a prevention plan,
Forming a crisis prevention team.
The reactive approach
This restoring approach can be chosen by top managers for companies in an unexpected crisis. Such
top managers usually make aggressive decisions by means of an immediate meeting of board of
directors during the crisis. In general, short-term measures in these decisions are
Shrinkage,
Closing some departments,
Deduction in salaries,
Unpaid vacation,
Restriction in extra services,
Dismissal.
By these measures, however, they may lose the trust of personnel, experienced employees, and
customers. The reactive crisis management is the most risk approach, among others. Although it can
be adequate to overcome small-scale and short-term crises, it is an unsuccessful method in the
struggle with large-scale and middle-/long-term crises.
16
The Interactive approach
This integrated approach evaluates the crisis process before, during, and after the crisis.
Because of the information obtained in this process, it includes the continuous organizational
learning and self-control mechanism. A permanent communication and information flow is
provided for the benefit and reputation of all stakeholders.
Companies that are willing to apply this approach should be clear, share the effects of the crisis with
their stakeholders honestly, and determine a common policy against the crisis. The contribution of
stakeholders can be helpful in the survival of these companies.
Tasks of crisis management during crisis
Tasks of crisis management during crisis [1]:
introduction of the crisis management system based on the initial information on the crisis,
getting additional information on the crisis,
correcting measures and executive elements to deal with the crisis after obtaining detailed
information;
appointing an official spokesperson during the crisis and reporting to the media from only one
official location;
interruption of all activities that are not related to the solution of the situation and only to the
organization of rescue, localization and liquidation work,
avoid panic, regular and adequate information,
taking preventive measures against the escalation of the crisis,
declaration of the state of emergency and special regime in the enterprise, depending on the scale
and nature of the crisis,
declaration of specific economic measures (eg cessation of certain production, which could
negatively affect the course of the crisis and its level, on the contrary, introduction of production
that supports the process of liquidation of the crisis),
Regular reporting to the management of the crisis
resumption of the normal regime after the resolution work.
Management mistakes
Management mistakes can be divided into three groups :
• different acting of the management which proves to be inadequate
or less appropriate, regarding the perceived problem (wrong or bad business decisions,
mismanagement),
17
• omission of the correct and timely acting when any decision is made, despite the fact that actions
are necessary (stoppage or
redirection of negative flows, lost opportunities, etc.),
• immoral behaviour (unethical decisions, abuses, deceptions, accounting scandals, criminal
offences).
Crisis management requires openness and credibility, as lies and opacity lead to deprive a company
of public trust, and make it even harder to regain any credibility in the public opinions. Lots of crises
start with a rumor, false information, an unverified piece of news, and so on. The responsibility of
spreading misinformation lies on both the sources and the media.
Crissis communication The crisis communication is defined as the collection, processing, and dissemination of information
required to address a crisis situation.
In an era when social media is the primary news source for many and the speed at which information
spreads is instant, failing to quickly assess a situation can wreck an entire crisis management plan.
You will lose public support and confidence if you fail to realize that a plan needs to be ready
immediately.
1. Recognize the situation and act quickly
Researching and collecting all the facts dealing with the incident needs to be done immediately. This
cannot wait until tomorrow. It is vital to understand the complete story, from both inside your
company and the public, so treat all inquiries seriously. Take action within 24 hours.
2. Develop a plan
After you have gathered the facts and understand the situation, it’s now time to generate and roll out
a plan. Create a timeline of action. Agree on a response as a team and stick with it – don’t go off
script. You should already have a crisis management team to execute your plan. Assign a
spokesperson to be the “face” of the situation, such as a CEO. A respectable figure in the company
offers credibility and can be perceived as showing a high sense of concern. Make sure you keep major
stakeholders aware, so they are not caught by surprise.
3. Prepare to have a media presence
Issue an official statement through some media platform. Prep the spokesperson to handle all of the
questions and concerns he/she might have to respond to by developing talking points. Be consistent
with the message and acknowledge the incident fully.
18
The biggest mistake you could make is to lie
4. Understand the role of social media
Social media is not only a place where news is spread at a rapid rate but it is also a forum for people
to react. Having a social media presence will help you understand how people are feeling about your
company and clear up any misunderstandings before they spread. The public simply wants to know
what is going on and what you are going to do about it
5. Have a post-crisis plan
Unless you are prepared with enough content to bury the incident in search queries, references to the
event will remain at the top of your Google search results. To push your incident down on the search
results, publish new and engaging content that brings out the best about your company.
Crisis management is a management tool whose correct timing and efficient use is a precondition for
success and reversal of the unfavorable situation in the company. The long-term application of crisis
management practices has a negative impact on the corporate culture. Ideally, the crisis management
period does not significantly exceed the one-year horizon. When this time is significantly extended,
there is a problem with the development direction of the company and unlocking the creative
potential. It is not unusual that a rapid and effective exit from the crisis will strengthen the company
and contribute to increasing its integrity and employee loyalty with the company.
Crisis management methods
Crisis management methods and analytical techniques used in crises management:
Crisis Plan
Forecasting
Pareto Principle
Scenario technique
SMART – objectives suggestion
Winterling crisis matrix
Crisis management plan
The crisis management plan “is not a guide as to what to do next in a given situation” but rather a
framework in which good decisions can be taken.
Key questions for a crisis management plan
Does the company have policies and procedures in place to prevent a risk from turning into a
crisis?
19
Do plans exist for dealing with every aspect of the crisis should it occur?
Have the plans been tested to ensure they work satisfactorily?
Which are audiences most likely to be affected by the potential crisis?
Do plans include procedures for communicating effectively?
Have the communications aspects of the plan been tested as well as the company‘s operational
response?
Simply, crisis plan is kind of manual what to do a how to do it in case of crisis.
Among typical crisis situations belong:
Operational accident
Flood
Fire
Radiation
Chemical spill
Suppliers disrupution
Energy blackout
etc.
In term of crisis event classification, we can talk about:
Accident
Natural disaster
Catastrophe
A typical crisis management plan has several sections. CMP should include:
An outline of the purpose, scope and goals of the plan.
An evacuation plan.
A crisis response strategy that develops a framework to manage the crisis.
Contact lists, including staff, vendors and law enforcement.
Media management.
Crisis procedures that define specific responses to a variety of incidents.
Integration with other emergency plans.
Rehabilitation process of a company
The rehabilitation process of a company most commonly takes place in the following phases:
1) determining the causes of the crisis and the levels of its presence and intensity (rough analysis of
the situation);
20
2) evaluating the possibilities for resolving the crisis (pre-rehabilitation test);
3) setting up crisis management;
4) a detailed analysis of the situation with the identification of the key areas of the measures;
5) ensuring liquidity to establish minimum solvency;
6) adopting other measures to halt negative movements and monitoring their effects;
7) assessing the possible rehabilitation alternatives in view of the intensity level of the crisis;
8) creating a strategic rehabilitation plan with simulations of business outcomes;
9) preparation and implementation of medium-term development measures;
10) setting up a system of ongoing monitoring of the achieved effects and the reactions to them
21
RISK
Risk and Crisis Management deal with threats to organizations. The organizations mitigate threats by
applying management programs. Risk Management deals with threats prior to the event occurring
while crisis management deals with threats when it unfolds or after the event occurs.
Key differences
Crisis management is concerned with responding to, managing and recovering from an
unforeseen event.
Risk management is concerned with identifying, assessing and mitigating any activity or
event that could cause harm to the business. Risks can be strategic or operational in nature.
An example of a strategic risk is not preparing adequately for new trends and shifts in the
marketplace, while an example of an operational risk is the cost overrun on an infrastructure
project.
Any action in life brings along with it some risk. There is no running away from it. The same is also
true in the case of business.
Threats and uncertainty have always been the part of human existence, and, in the past, this part used
to be even greater than it is today. Risk semantics is something quite different.
Crisis management
Evaluation of crisis
Risk analysis
Crisis control
Crisis plan
Risk management
Evaluation of risk
Identification of threats
Risk assessment
Risk control
Monitoring
Risk evaluation
Implementation Resolution
Identification of potentionla crisis
situation
22
History
Already the ancient Greeks were afraid of losing their cargo and called this danger rhiza - risk. The
ancient Greek word rhiza - risk, therefore, originally served as a term for seafarers to indicate the
potential dangers of cargo in its shipping. Gradually, this term has spread through the Latin word
rizicare, Spanish risco, French risque, English to risk
Risk is an objective phenomenon as it involves real economic phenomena connected with the
existence of a threat (danger) stemming from, among other things, the demand fluctuations, the
activity of competitors, cooperation conditions, and state regulatory actions.
It is also a subjective phenomenon, because it results from the decision-makers’ knowledge of
economic processes.
Risk definition
risk is understood as a quantitative and qualitative expression of the threat, its degree and rate
risk is an expression of the probability of a negative event and its consequence
Risk identification
Each enterprise must bear certain risks to achieve the profit. Business risk types are distinguished in
order to choose better tools and ways to eliminate risks. But it is important to balance them to keep
them on the optimum level and that they would not cause the termination of the enterprise.
Business risk - definition
By the term ‘business risk’ we mean the uncertainty with respect to firm’s operations. It is a type
of systematic risk wherein there is a volatility associated with the future income or
earnings arising from events, circumstances, conditions, action, or inactions that hinders the
attainment of goals and objectives and carry out the strategies.
Business risk refers to the anticipation that the firm may earn lower than expected profits or even
suffer losses, because of the uncertainties inherent in the business such as competition, change in
customer tastes and preferences, input cost, change in government policies, and so forth. It may
impede the business ability to provide returns on the investment.
Factors that may cause Business Risk Situations
Change in the demand for goods or consumer preferences
The entry of a strong competitor in the market
Changes in the making cost of goods
23
Changes in Government regulations
The economic climate of a country
Changes in the Exchange rate
General risk types
Internal Risk: The risks that emerge as a result of the events occurring within
the organization. These risks can be predicted as the possibility of their incidence, and so, they
are controllable in nature.They arise due to factors like strikes & lockouts by a trade union,
accidents in the factory, negligence of workers, failure of the machine, technological
obsolescence, damages to the goods, fire outbreak, etc.
External Risk: The risk arising as a result of the events external to the firm and so the firm’s
management has no control over it. So, these cannot be forecasted easily. It may arise due
to price fluctuations, changes in customer taste, changes in government regulations, riots, etc.
Business risk - a basic risk that combines the risk of failure with the chance of success. It is
called. overall risk and can be seen as an integral part of economic activity. This risk includes
mainly dynamic economic variables (eg changes in prices of materials, labor, energy, etc.).
Natural (net) risk - a risk where there is a possibility of occurrence of adverse situations not
influenced by human activities, which in most cases cannot be predetermined (eg accidents,
natural disasters, etc.).
Classification of business risks
Strategic Risk: The risks related to the business strategies, plans and tactics. Because there is
uncertainty with respect to their successful implementation, it is called a strategic risk.
24
Financial and economic risk: Economic and financial risks in risk management, is a term that
includes the risks affecting the economic results of the enterprise
These are the risks associated with the management and economic governance in the company, with
errors in other areas of the company and also factors outside the company. Inside the company it may
be risks associated with improper management, including financial implications associated with them
(loss, debt, liquidity problems, etc.), internal management system settings, and inappropriate
management of:
o Credit risks
o Insolvency risks
o Investment risks - an estimate of the profitability and reliability of the investment
o Insurance risks - the estimate of the size of the risk and probability of the insured event
o Currency risks - risks arising from exchange rate changes in international trade
Operational risk: When the company fails in performing day to day operations properly, then
operational risk arises.
In this area we can includ also technical risks.
Technical risks (sometimes also technological risks or innovation risks) in risk management is a
term that refers to the type of business risk. These are the risks caused by the use of new or
untested technologies or technical equipment or means of production. Technical risks exist due to the
constant development and innovation, and arise from the introduction of new products to the market.
Technical risks can be prevented or quickly identified through a series of quality management
methods (e.g. Six Sigma, Poka Yoke). Also training and familiarizing or workers or customers is a
good prevention against technical risks.
Compliance Risk: Such risks are related to the need of the firm to adhere to government rules,
regulations and policies.
Legislative risks in risk management, is a term that refers to the risks associated with legislative
regulation of business. They are new changes to existing laws and regulations and the consequences
resulting therefrom.
Security risks in risk management is a term that indicates the risks associated with the security of
people, assets and information. These include the following risk groups:
• Personal security - property damage, health and life, protection of personal data
25
• Physical security - equipment damage, disruption of objects and systems
• Information risks - breach of data security, network or information system, data abuse or
corruption
Environmental risks in risk management, is a term that refers to the risks associated with ecology.
These include emissions and water pollution, soil and air pollution, releases of hazardous substances,
and the effects of the ozone hole.
Apart from those given above, there are some other risks related to natural calamities like floods,
earthquake, droughts, etc. which also affects the business at large.
Characteristics of risks
The most important characteristics of risk are:
Probability of risk - the probability that the risk occurs
Level of risk
Risk impacts - consequences that occur, if there is a risk situation
Predictability of risk - the chance that the risk can be identified in advance and anticipated
Degree of suggestibility
o Suggestible
o Partly suggestible
o Not suggestible
Effects order - of the origin and elimination
o Primary
o Secondary - these risk types arise from the elimination of the primary risks
o Residual – these risk types remain after their elimination. it is a risk that the entity is
willing to bear
Risk size
o Low
o Medium
o High
Rate of acceptance
o Necessary (required)
o Tolerable (acceptable)
o Intolerable (unacceptable)
Probability of origin and exposure
Improbable
Little probable
26
Probable
Very likely
Almost sure
Hazard and risk are often used interchangeably, but there is a significant and meaningful difference
between the two terms.
Hazard vs risk
Hazard - something that has the potential to cause harm, to people, property or the environment
Risk - the chance or the probability of that hazard causing harm or damage to people, property or the
environment
Risk assessment
No enterprise can completely avoid the risk, but can analyze the risk, measure it and work with the
result.
The first step of the risk reduction process is to analyze them. Risk analysis is usually understood as
a process of defining threats, the probability of their occurrence and impact, and the severity.The
results of the risk assessment will help to identify appropriate management steps and priorities for
risk management and implement risk prevention measures.
Steps of risk control
The risk assessment is important. It’s the way in which enterprises get a handle on how significant
each risk is to the achievement of their overall goals. To accomplish this, enterprises require a risk
assessment process that is practical, sustainable, and easy to understand.
MONITOROVANI
E RIZIKA
ODHAD RIZIKA
KOMUNIKÁCIA
RIZIKA
VNÍMANIE
RIZIKA
OHODNOTENIE
RIZIKA
RIADENIE
RIZIKA
ESTIMATION
EVALUATION
CONTROL
MONITOR COMUNICATION
PERCEPTION
27
Definition
Risk assessment is a process to determine the probability of losses by analyzing potential hazards and
evaluating existing conditions of vulnerability that could pose a threat or harm to property, people,
livelihoods and the environment on which they depend
Risk assessment follows event identification and precedes risk response. Its purpose is to assess how
big the risks are, both individually and collectively, in order to focus management’s attention on the
most important threats and opportunities. Risk assessment is all about measuring and prioritizing
risks.
Risk assessment flow diagram
Develop assessment criteria. The first activity within the risk assessment process is to develop a
common set of assessment criteria to be deployed across units, corporate functions, and large capital
projects. Risks and opportunities are typically assessed in terms of impact and likelihood. Many
enterprises recognize the utility of evaluating risk along additional dimensions such as vulnerability
and speed of onset.
Assess risks. Assessing risks consists of assigning values to each risk and opportunity using the
defined criteria. This may be accomplished in two stages where an initial screening of the risks is
performed using qualitative techniques followed by a more quantitative analysis of the most important
risks.
Assess risk interactions. Risks do not exist in isolation.
Enterprises have come to recognize the importance of managing risk interactions. Even seemingly
insignificant risks on their own have the potential, as they interact with other events and conditions,
to cause great damage or create significant opportunity. Therefore, enterprises are gravitating toward
an integrated or holistic view of risks using techniques such as risk interaction matrices, bow-tie
diagrams, and aggregated probability distributions.
28
Prioritize risks. Risk prioritization is the process of determining risk management priorities by
comparing the level of risk against predetermined target risk levels and tolerance thresholds. Risk is
viewed not just in terms of financial impact and probability, but also subjective criteria such as health
and safety impact, reputational impact, vulnerability, and speed of onset.
Respond to risks. The results of the risk assessment process then serve as the primary input to risk
responses whereby response options are examined (accept, reduce, share, or avoid), cost-benefit
analyses performed, a response strategy formulated, and risk response plans developed.
Risk assessment is often performed as a two-stage process. An initial screening of the risks and
opportunities is performed using qualitative techniques followed by a more quantitative treatment of
the most important risks and opportunities lending themselves to quantification (not all risks are
meaningfully quantifiable).
Risk analysis
Risk analysis is the next step. Once you’ve identified the risks, you need to determine the probability
of their occurrence and the consequences. You should perform qualitative and quantitative analysis
to determine the magnitude of the threats consequences and how to mitigate them.
Risk prevention methods include all techniques and management practices that help to prevent
unnecessary or foreseeable risks. Essentially, they generally include all of the methods that increase
the quality (and thus reduce financial and other risks), planning methods, forecasting, and the use
of best practices. By using best practices and reference models, negative phenomena are being
prevented.
• analytical process to provide information regarding
undesirable events;
• process of estimating probabilities and expected
consequences for identified risks.
• detailed examination including risk assessment, risk
evaluation and risk management alternatives, performed to
understand the nature of unwanted outcome;
29
Qualitative assessment consists of assessing each risk and opportunity according to descriptive
scales.
Quantitative analysis requires numerical values for both impact and likelihood using data from a
variety of sources. The quality of the analysis depends on the accuracy and completeness of the
numerical values and the validity of the models used. Model assumptions and uncertainty should be
clearly communicated and evaluated using techniques such as sensitivity analysis.
Qvalitative methods
Qualitative methods are based on a description of the severity of the potential impact and the
likelihood that the event will occur. They are characterized by the fact that they express risks to a
certain extent.
Qualitative methods use verbal expression. These are used in cases where numerical values (data) for
quantitative risk assessment are missing or difficult to express. These methods can be used to assess
the risk of e.g. as acceptable or unacceptable, small, low, medium, and the like.
Such assessment of individual events uses subjective probability, which expresses the degree of
personal conviction of the occurrence of the assessed event (event) according to defined factors.
Qvantitative methods
Quantitative methods are based on the mathematical calculation of the risk from the frequency of the
threat and its impact. Most often, the risk is expressed in the form of an estimated loss for the selected
period, which is expressed in financial amount. These methods can be used in particular in cases
where there are sufficient relevant data that can be evaluated statistically.
There are used two basic elements:
- probability (frequency) of the occurrence of a negative event (negative event),
- consequences (damages, losses) accompanying or caused by this event.
30
Quantitative methods then use the following to assess the degree of risk:
R = P x C
where: P is the probability of a security risk, C is a consequence of a security risk.
Risk matrix
A risk matrix (also called a risk diagram) visualizes risks in a diagram. In the diagram, the risks are
divided depending on their likelihood and their effects or the extent of damage, so that the worst case
scenario can be determined at a glance.
Advantages:
• Identifies the gravest risks.
• Creates and presents the risk situation with minimal effort
• Presents the risk situation visually and comprehensively.
• Assesses the efficiency of your risk measures.
Both qualitative and quantitative techniques have advantages and disadvantages. Most enterprises
begin with qualitative assessments and develop quantitative capabilities over time as their decision-
making needs dictate.
https://www.youtube.com/watch?v=iSxuBcM-nwI
Probability Consequence
31
32
Risk management
The development of an enterprise involves uncertainties and danger, but it also creates opportunities.
Risk management primarily aims at identifying threats and opportunities. The determination of the
diversified risk impact extent on the enterprise is of pivotal importance
Definition of risk management
Risk Management is a field of management focusing
on risk reduction and analysis, using different methods and
techniques of risk prevention that eliminate existing or future
factors which may increase risks.
The responsibility for risk management in organizations is distributed throughout the management.
The highest responsibility is naturally with owner, the executives and top management of the
company.
Risk management - principles
In terms of systematic approach to risk management, it is possible to distinguish the basic principles
of risk management at the level o individual companies and firms:
1. The risk management monitors compliance with the proposed strategy and sustainable
development of organizations and the topicality of its functions. It is therefore necessary to
establish the general attitude of the company to risk management. The main risk management
options include three approaches:
Cautious;
Prudent;
Risky.
The overall strategy of the company is determined by the selection of the appropriate option. If the
company is focused on market penetration, the prudent or risky approach is more suitable for the
company. If the company is focused on maintaining the market position or to ensure its financial
stability, the cautious or prudent control variant is more appropriate.
33
2. The main objective of risk management is to clearly ensure the successful operation of the
company in terms of risk and uncertainty. For this reason, the risk management program is
integrated into a comprehensive system of management companies and functions as supporting
system.
In addition to the main objective of risk management, there are several sub-objectives to include:
Ensuring effective operations (acquisition of cost savings with the possibility accidental
damage);
Creation of the appropriate level of uncertainty regarding the possible society damage;
Compliance with the legality of the measures taken;
Other targets (depending on the specifics of the company).
3.Quantification and analysis of the impact of the external environment on the stability of the
company and the analysis of the internal state of the company. It is particularly important in
determination of risk possibility.
4. In view of all risks, it is necessary to create a common policy on risk management requiring an
integrated approach and coordinated management.
5. The process of risk management is dynamic and is closely associated with continuous decision-
making with regard to possible or still emerging risk, respectively.
6. Risk management takes human factors (that may present the possibility of failures to properly
identify, analyze, evaluate or treat risks) into consideration and provides reasonable assurance
they are overcome.
These basic principles of risk management should be present in each assessment and decision-making
case but in relation to the concrete realization of the possible different approaches to solving.
The concept of risk management should constitute an inseparable part of an enterprise’s development
strategy. The development of an enterprise involves uncertainties and danger, but it also creates
opportunities
Risk management is aimed at the complete elimination or, at least, the mitigation, of causes and/or
the effects of events that can disrupt the organisation’s economic processes resulting in a crisis.
34
The purpose of risk management is to avoid problems and negative phenomena, avoid the need
for crisis management and to avoid problems. Risk management consists of four interrelated phases,
namely risk identification, risk assessment, risk handling (or reduction), and risk monitoring.
1. Risk minimization, i. reducing the likelihood of an adverse event,
- minimizing the consequences of a negative phenomenon.
2. Implementation of the following systems is necessary to achieve the main objectives of risk
management:
• identification of risks;
• risk analysis - cause of risk and effect of risk - definition of possible damage, location of
damage, forms of damage,
• evaluation of the analysis,
• risk assessment,
• risk financing (the organization bears the consequences of damage or the consequences are
borne by another organization)
• risk strategies
Basic strategies in risk management
“Avoidance” Strategy. The workgroup uses a risk management application to develop actions
plans and risk management templates that let focus on ways to avoid or cease to provide a service
or conduct an activity considered too risky.
“Modification” Strategy. The workgroup strives at changing and modifying the project’s
activities so that the chance of threat occurring and the impact of potential harm can be taken
within acceptable limits.
“Retention” Strategy. With help of a risk management software solution, the workgroup
evaluates the success of admitting all or a portion of the identified risks and gets prepared for the
consequences.
“Sharing” Strategy. By means of a risk management application’s functionality for user
collaboration and online communication, the workgroup is able to consider sharing the identified
risks with another team or organization. Examples of risk sharing strategy include mutual
procurement agreements with other performing companies, insurance, etc.
35
Risk is about uncertainty. If you put a framework around that uncertainty, then you can effectively
control your risk. And that means you can move much more confidently to achieve your goals. By
identifying and managing a comprehensive list of risks, unpleasant surprises and barriers can be
reduced and golden opportunities discovered. The risk management process also helps to resolve
problems when they occur, because those problems have been envisaged, and plans to treat them have
already been developed and agreed. You avoid impulsive reactions and going into “fire-fighting”
mode to rectify problems that could have been anticipated. The end result is that you minimize the
impacts of project threats and capture the opportunities that occur.
