How is risk defined? And what is the definition of risk management?
Which is the correct attitude of a good manager in front of risk? And how come risk is considered to be a combination of danger and opportunity by the Asiatic philosophy? Is it possible to consider risk an opportunity? Or it is just an unfortunately event?
The risk management concept is relatively new, being taken into consideration in the business environment only at the end of the ’90s. And according to Project Management Institute risk management is a systematic process of identification, analysis and response to project risks, a process which includes risk identification, risk quantification, risk response plan and risk response control. Depending on the author of the methodology, the order or the name of these sub-processes varies. Thus, risk identification and risk quantification are sometimes taken together and bear the name of risk assessment or risk analysis; the risk response plan is sometimes also met under the name of risk mitigation plan; the risk response plan and the risk control plan are sometimes taken together under the name of risk management plan. All these processes are important in a risk management plan, but one is definitely considered to be a “landmark” for the rest. And this is risk assessment.
As we will see in this paper, risk management means making steps in order to identify those risks with a highly probability of causing problems, to analyze the probability of loss and the magnitude of loss for each risk and developing composed risks, to classify the risk points identified according to the composed risks they belong to.
In our opinion risk management is much more that being addicted to a model, even its name is BS 7799, ISO 17799, TickIT, ITIL, SOX, CobIT, Octave, Delphi, Mehari, and so forth. Because it is not enough to comply with one of the above to be able to consider even for a moment that the business you run is totally ensured and protected from risks.
In this respect we will try to break down the existing barriers in the theory of the information risk assessment, proposing new models and a new theory. In other words, in this paper we will try to see which are the steps for transforming risk assessment from a complex theory, not just into a policy governed by best practices and standards, but way beyond, into a healthy way of running day to day businesses.
See the entire article here www.managementul-riscurilor.ro!
