Embed Size (px)
Citation preview
PROF. BHASKER V. BHATTCIVIL ENGINEERING DEPARTMENT
SCET, SURAT
Crisis and Risk management
20:57# # # KEEP TAKING NOTES # # #
2
Risk - defined
Risk, is an integral part of the economic scenario, and can be termed as a potential event that can have opportunities that benefit or a hazard to an economic component.
Definition,The effect of uncertainties on objectives
(whether positive or negative). Or The chance of something happening that
impacts development objectives…
20:57# # # KEEP TAKING NOTES # # #
3
Types of Risk
Financial risk: It usually includes loss of funding. Process risk: It includes business processes with
many risks that probably lead to project failure. Time risk: It includes risks related to time
(delay). Human risk: It includes loss of critical employee
or loss of employee which had more knowledge on the project processes.
Physical risks: It includes damages caused to the physical resources such as powerful equipment or damage to the building.
20:57# # # KEEP TAKING NOTES # # #
4
Crisis and risk management
• Crisis or Risk handling/ management process includes the following:
• Identification, assessment and the prioritisation of various risks.
• Minimising, monitoring, and taking control of the probability and impact of risks by coordinated application of all the resources.
20:57# # # KEEP TAKING NOTES # # #
5
Risk Analysis
Risk analysis is the procedure of analysing the threats posed by the natural or human-caused events which enables to find the way to reduce or eliminate the impact of risks.
Conducted in the beginning of a plan
There are two types of risk analysis Qualitative Risk Analysis Quantitative Risk Analysis
20:57# # # KEEP TAKING NOTES # # #
6
Qualitative Risk Analysis
The qualitative risk analysis enables to identify the main sources of risk which is basically done with the help of checklist, interviews and brainstorming sessions.
It is considered as an evaluation process which involves description of each risk and its impacts or the subjective labelling of risk (high/low) in terms of risk impact as well as possibility of its occurrence.
20:57# # # KEEP TAKING NOTES # # #
7
Qualitative Risk Analysis - features
The main features of Qualitative Risk Analysis are:
It is extensively used.
It provides an estimate of possible loss/impact occurred.
No probability record is required.
It shows the risk level.
20:57# # # KEEP TAKING NOTES # # #
8
Quantitative Risk Analysis
Quantitative Risk Analysis is a technique which often provides mathematical estimates that allow organisation to understand the impact of risk exposure to people, business and market.
Note that there is no accurate probability record in quantitative risk analysis.
The probability is unique to each case.It is not easy to find out the expected loss.
20:57# # # KEEP TAKING NOTES # # #
9
Quantitative Risk Analysis - Features
The main features of Quantitative Risk Analysis are:
Elements such as Probability and Likely Loss are used.
Result of [(Probability) x (Likely Loss)] is produced.
It requires measurement of uncertainty in terms of time and cost estimate.
Fairly limited use.
20:57# # # KEEP TAKING NOTES # # #
10
Method - 1
1. Single Loss Expectancy (SLE): This is considered as the loss of value related to a single security incident.
2. Annualised Rate of Occurrence (ARO): After calculating SLE the project team then calculates ARO of the risk. It is considered as an estimate based on the data which find out the regularity of the threat that would be successful in exploiting vulnerability.
3. Annualised Loss Expectancy (ALE): Based on the information received from the estimates of the various threats, the ALE is calculated. It is the product of SLE and ARO. It can also be considered as the measure which determines the extent the organisation could estimate the loss from a task, based on the type of risks or threats.
20:57# # # KEEP TAKING NOTES # # #
11
Monte Carlo Simulation
Monte Carlo Simulation is the most flexible and widely used method for determining the performance of some task or process that involves uncertainty.
This process helps to find the possible impact of uncertainty that the plan may face due to variable market demand, variation in manufacturing process, fluctuating costs and so on.
In general it is the computerised mathematical technique that enables people to calculate the estimated risks in quantitative analysis as well as in decision making.
20:57# # # KEEP TAKING NOTES # # #
12
Risk analysis – type of threats
Human: Threat can be from each individual or group of individuals in the form of illness, death or strikes.
Operational: Threat can be in form of disruption to products, not being able to access or distribute the essential equipments and so on.
Reputational: Threat can be caused by damage to reputation in the market due to loss of good business partners.
Procedural: Threat can be caused due to fraud accountability and failure of internal systems and controls.
Project: Threat can be due to cost over-runs, insufficient product or service quality and so on.
Financial: Threat can be caused by drop in stock market, business failure or unemployment.
20:57# # # KEEP TAKING NOTES # # #
13
Risk analysis process
20:57# # # KEEP TAKING NOTES # # #
14
Identify threats
In order to identify threats, there are number of different approaches:
1. List all the sources of threats and check whether any of these apply to the plan.
2. Consider from the point of organisation or structures and analyse risks that might occur on those part.
3. Check for any vulnerabilities within these structures.
4. Get different perspectives by asking to stakeholders.
20:57# # # KEEP TAKING NOTES # # #
15
Estimate Risk
After identifying the threats, the next step is to measure its impact.
This can be done by estimating the probability of the event occurring and then multiplying these estimates with the cost that may incur to get the things right.
20:57# # # KEEP TAKING NOTES # # #
16
Risk Assessment
Risk assessment is one of the essential steps in risk management process.
Based on the identified threat, risk assessment process helps to find out the quantitative or qualitative value of the risk.
This process enables to study the impact and the effect of recognised risk in the project as well as to help to take an appropriate measure if that risk is possible to occur.
20:57# # # KEEP TAKING NOTES # # #
17
Risk Assessment Cycle
20:57# # # KEEP TAKING NOTES # # #
18
Managing Risk
To manage the risk identified, Accept the risk under consideration Plan for accepted risk to be adopted or eliminated Elimination sometimes cause alteration in set of
objectives Selection of cost effective measures
Risk can be managed in following ways: By using existing assets By contingency planning By investing in new resources
20:57# # # KEEP TAKING NOTES # # #
19
Risk Handling strategies
20:57# # # KEEP TAKING NOTES # # #
20
Risk Handling strategies - objectives
Risk handling strategies achieve the following objectives:• Perform risk assessments.
• Establish risk handling priorities.
• Develop risk handling plans.
• Monitor the status of risk handling actions.
• Implement appropriate risk management strategies.
• Raise awareness of risk management.
20:57# # # KEEP TAKING NOTES # # #
21
Risk mitigation
Risk mitigation refers to the systematic reduction in the likelihood of risk occurrence.
It is also called as risk reduction. Risk mitigation includes the following actions:
• Prioritising actions • Evaluating recommended control options • Conducting cost-benefit analysis• Selecting control • Assigning responsibility• Developing a safeguard implementation plan • Implementing selected control(s)
