Unit – I: Introduction to Risk Management

1. Introduction to the Concept of Risk

Risk can be defined as the chance of loss or an unfavorable outcome associated with an action.
In finance, risk refers to the degree of uncertainty and/or potential financial loss inherent in an
investment decision. In general, as investment risks rise, investors seek higher returns to
compensate themselves for taking such risks.
Risk management is the process of identifying, assessing and controlling threats to an
organization’s capital and earnings. These threats, or risk, could stem from a wide variety of
sources, including financial uncertainty, legal liabilities, strategic management errors, accidents
and natural disasters. IT security threats and data-related risks, and the risk management
strategies to alleviate them have become a top priority for digitized companies. As a result, a
risk management plan increasingly includes companies’ processes for identifying and
controlling threats to its digital assets, including proprietary corporate data, a customer’s
personally identifiable information and intellectual property.
“Risk management” helps an organization to identify, evaluate, analyze, monitor, and mitigate
the risks that threaten the achievement of the organization’s strategic objectives in a disciplined
and systematic way.

Definition of Risk Management:

1)Risk management is an integrated process of delineating (define) specific areas of risk,
developing a comprehensive plan, integrating the plan, and conducting the ongoing evaluation’
– Dr. P.K. Gupta.
2)Risk Management is the process of measuring, or assessing risk and then developing strategies
to manage the risk’
3)Managing the risk can involve taking out insurance against a loss, hedging a loan against
interest rate rises, and protecting an investment against a fall in interest rates’ – Oxford Business
Dictionary.
When an entity makes an investment decision, it exposes itself to a number of financial risks.
The quantum of such risks depends on the type of financial instrument. These financial risks
might be in the form of high inflation, volatility in capital markets, recession, bankruptcy, etc.
So, in order to minimize and control the exposure of investment to such risks, fund managers
and investors practice risk management. Different levels of risk come attached with different
categories of asset classes. For example, a fixed deposit is considered a less risky investment.
On the other hand, investment in equity is considered a risky venture. While practicing risk
management, equity investors and fund managers tend to diversify their portfolio so as to
minimize the exposure to risk.
Risk encompasses:
○ Negative impacts (Threats): Events that may harm the organization, such as
cyberattacks or economic downturns.
○ Positive impacts (Opportunities): Events that may help achieve objectives, such
as a successful product launch or expansion into a profitable market.

Importance of Risk in Business:

● Risks are inherent in all decision-making processes.
● Ignoring risks can lead to:
○ Financial losses.
○ Reputational damage.
○ Failure to comply with regulations.
● Effective risk management allows businesses to:
○ Protect their assets and reputation.
○ Identify and seize opportunities.
○ Maintain competitive advantage and resilience.
Example of Poor Risk Management:
● BP Deepwater Horizon Oil Spill (2010):
○ Operational risk failures led to an environmental disaster.
○ Consequences: Financial losses, lawsuits, and reputational damage.
○ Highlight: Proper risk identification and management could have prevented this
catastrophe.
Types of Risk
https://www.moneycontrol.com/news/business/personal-finance/-1999405.html
1. Strategic Risks
a. Definition: Risks that affect an organization’s long-term objectives, goals, or
overall strategy.
b. Characteristics:
i. Often external, such as market changes or competitor actions.
ii. Can arise from failure to adapt to trends or technological advancements.
Nokia's Decline in the Smartphone Market
Summary:
Nokia dominated the mobile phone market in the early 2000s but failed to recognize the shift
towards smartphones with advanced operating systems like iOS and Android. Its reluctance to
adopt touchscreen technology and focus on outdated Symbian OS led to declining sales.
Competitors like Apple and Samsung capitalized on this trend, eroding Nokia's market share.
Risks Involved:
● Failure to adapt to technological advancements (strategic risk).
● Underestimating market changes and consumer preferences.

Kodak and the Digital Photography Revolution

Summary:
Kodak, a leader in the photography industry, dismissed the potential of digital cameras despite
being a pioneer in the technology. The company focused on traditional film sales, which
eventually became obsolete. By the time Kodak attempted to catch up, competitors had captured
the market.
Risks Involved:
● Inability to align strategy with technological trends (strategic risk).
● Misjudgment of market direction.

2. Operational Risks
a. Definition: Risks arising from internal processes, systems, people, or day-to-day
operations.
 b. Characteristics:
i. Includes disruptions in production, supply chain, or IT systems.
ii. Often controllable and require quick response.
Factory Machine Breakdowns
Summary:
A global electronics manufacturer faced a sudden breakdown of a key production line due to
inadequate maintenance. This caused a two-week halt in operations, delayed shipments, and loss
of client trust.
Risks Involved:
● Disruption in internal processes (operational risk).
● Failure to mitigate preventable risks through proper maintenance.
IT System Failures in Banks
Summary:
In 2018, a major bank(TSB Bank in the United Kingdom) experienced an IT system outage due
to a failed upgrade, causing customers to lose access to online banking and ATMs for days. The
incident led to customer complaints and regulatory scrutiny.
Risks Involved:
● IT system disruption (operational risk).
● Negative customer experience and reputational damage.

3. Financial Risks
a. Definition: Risks related to an organization’s financial performance and stability.
b. Types:
i. Credit Risk: Risk of customers or partners defaulting on payments.
ii. Market Risk: Losses due to changes in market factors like interest rates
or currency exchange rates.
iii. Liquidity Risk: Inability to meet short-term financial obligations due to
lack of cash flow.
Lehman Brothers Collapse (2008)
Summary:
Lehman Brothers held a large portfolio of subprime mortgage-backed securities. When housing
prices fell, defaults rose, and the firm's financial position weakened. The lack of liquidity to
cover obligations led to its bankruptcy, triggering the global financial crisis.
Risks Involved:
● Exposure to credit risk due to subprime mortgages.
● Liquidity risk, as the firm failed to meet financial obligations.
Kingfisher Airlines' Loan Defaults
Summary:
Kingfisher Airlines heavily borrowed to fund operations and expansion. With rising operational
costs and declining revenues, the airline failed to repay loans, leading to asset seizures and
operational shutdown.
Risks Involved:
● Credit risk from loan defaults.
● Operational inefficiencies compounding financial issues.

4. Compliance Risks
a. Definition: Risks arising from failure to comply with laws, regulations, or
standards.
b. Characteristics:
i. Increasingly important due to stricter global regulations.
ii. Non-compliance can lead to fines, penalties, or operational shutdowns.
Volkswagen Emissions Scandal (2015)
Summary:
Volkswagen installed software to cheat emissions tests in its diesel vehicles. When discovered,
the company faced billions in fines, lawsuits, and reputational damage. The scandal highlighted
non-compliance with environmental standards.
Risks Involved:
● Compliance risk due to regulatory violations.
● Reputational risk from unethical practices.
Food Companies' Safety Recalls
Summary:
A leading food brand failed to meet health and safety standards, leading to contaminated
products reaching consumers. This resulted in widespread recalls and financial penalties.
Risks Involved:
● Compliance risk from regulatory non-adherence.
● Operational risk in quality control processes.

5. Reputational Risks
a. Definition: Risks that damage an organization’s brand or public image.
b. Characteristics:
i. Often arise from social media backlash, unethical practices, or customer
dissatisfaction.
ii. Difficult to quantify but significantly impacts business success.
Social Media Backlash on Customer Service
Summary:
A fast-food chain faced backlash when a viral tweet highlighted poor customer service. The
incident led to negative publicity, a drop in sales, and the need for damage control campaigns.
Risks Involved:
● Reputational risk from customer dissatisfaction.
● Operational risk in service delivery.
Data Breaches and Customer Confidence
Summary:
An e-commerce platform suffered a data breach exposing customer information. The incident
resulted in a loss of trust, reduced sales, and regulatory fines.
Risks Involved:
● Reputational risk from security lapses.
● Financial risk due to penalties and lost revenue.

6. Credit Risk
a. Definition: Risks arising when borrowers or counterparties fail to meet their
financial obligations.
b. Characteristics:
i. Directly linked to lending and creditworthiness.
 ii. Affects cash flow and profitability.
iii. Evaluated using credit scores, repayment history, and risk mitigation
measures like collateral.
Lehman Brothers (2008)
Summary:
Lehman Brothers, a major financial institution, heavily invested in subprime mortgage-backed
securities. When the housing market collapsed, borrowers defaulted, leaving the firm with
massive losses. The lack of adequate risk management and overexposure to high-risk assets led
to its bankruptcy, marking one of the largest financial collapses in history.
Risks Involved:
● Credit Risk: Borrower defaults on subprime mortgages.
● Market Risk: Losses from declining asset values during the financial crisis.
Kingfisher Airlines
Summary:
Kingfisher Airlines faced mounting debts due to poor financial management and operational
inefficiencies. Its inability to generate sufficient revenue to repay loans resulted in defaults.
Despite attempting restructuring, the company lost its operating license and declared bankruptcy.
Risks Involved:
● Credit Risk: Default on loans.
● Operational Risk: Inefficiencies in cost management and operations.

7. Liquidity Risk
a. Definition: Risks of being unable to meet short-term financial obligations due to
insufficient cash or liquid assets.
b. Characteristics:
i. Affects day-to-day operations.
ii. Often arises from asset-liability mismatches or sudden cash flow needs.
Yes Bank (2020)
Summary:
Yes Bank, one of India's largest private sector banks, faced a severe liquidity crunch due to bad
loans and a sudden surge in withdrawals by depositors. The Reserve Bank of India (RBI)
imposed a moratorium to stabilize the situation. The crisis highlighted asset-liability mismatches
and poor risk assessment practices.
Risks Involved:
● Liquidity Risk: Insufficient liquid assets to meet withdrawal demands.
● Credit Risk: Exposure to non-performing assets (NPAs).
Evergrande (2021)
Summary:
Evergrande, one of China's largest real estate developers, struggled to repay its massive debts
amid a slowdown in property sales. Its over-leveraged business model and inability to access
new funding triggered a liquidity crisis, impacting the global financial markets.
Risks Involved:
● Liquidity Risk: Inability to repay debts and meet operational expenses.
● Market Risk: Decline in property sales and falling investor confidence.

8. Interest Rate Risk

a. Definition: Risks of financial losses due to unfavorable changes in interest rates.
b. Characteristics:
i. Affects the cost of borrowing and returns on investments.
ii. Particularly relevant for banks, NBFCs, and other financial institutions.
Silicon Valley Bank (2023)
Summary:
Silicon Valley Bank heavily invested in long-term fixed-income securities. As interest rates rose,
the market value of these securities declined, creating a gap between liabilities and assets.
Depositors, concerned about the bank's solvency, began withdrawing funds, leading to the bank's
collapse.
Risks Involved:
● Interest Rate Risk: Losses from declining bond values due to rising interest rates.
● Liquidity Risk: Inability to meet withdrawal demands.
Indian Housing Finance Companies
Summary:
During a period of rising interest rates, Indian housing finance companies faced reduced demand
for home loans as borrowing costs increased. This negatively impacted profitability and loan
disbursement volumes, compelling companies to revise their growth strategies.
Risks Involved:
● Interest Rate Risk: Higher borrowing costs reducing loan affordability.
● Strategic Risk: Need to adapt to changing economic conditions.

9. Human Resource Risks

a. Definition: Risks arising from workforce-related issues like recruitment,
retention, or employee behavior.
b. Characteristics:
i. Impact organizational productivity and culture.
ii. Can stem from insufficient skills, workplace disputes, or unethical
behavior.
Uber's Workplace Harassment Allegations (2017)
Summary:
Uber faced allegations of workplace harassment and a toxic culture, leading to an internal
investigation. The company suffered reputational damage, executive resignations, and a loss of
market value.
Risks Involved:
● Human resource risk from employee behavior.
● Reputational risk affecting brand perception.
Lufthansa Pilot Strikes (2019)
Summary:
Lufthansa faced recurring pilot strikes over pay disputes, leading to flight cancellations and
customer dissatisfaction. The airline incurred financial losses and damage to its reputation.
Risks Involved:
● Human resource risk from labor disputes.
● Operational risk impacting service continuity.
Risk vs. Uncertainty
Understanding the Difference:
1. Risk:
○ Occurs in situations where possible outcomes are known or can be estimated.
○ Involves probabilities based on past data or patterns.
○ Example: An insurance company estimating accident probabilities to price
premiums.
2. Uncertainty:
○ Occurs in situations where outcomes are unknown and unpredictable.
○ Lacks data to estimate probabilities.
○ Example: The impact of COVID-19 on global supply chains—unprecedented and
unpredictable.
Key Distinction:
● Risk = Measurable Unknowns.
● Uncertainty = Unmeasurable Unknowns.
Real-World Examples:
● Risk: Airlines adjusting schedules for bad weather based on past patterns.
● Uncertainty: Airlines dealing with sudden global flight cancellations due to a pandemic.
Discussion Activity:
● Think of a situation where a business faced uncertainty and discuss how they might
manage such situations.

Basis of Difference Risk Uncertainty

Uncertainty implies a situation

The probability of winning or losing
Meaning where the future events are not
something worthy is known as risk.
known.

It is not possible to measure

Risk can be measured and quantified
Ascertainment uncertainty in quantitative terms, as
through theoretical models.
future events are unpredictable.

Outcomes The potential outcomes are known In uncertainty, the outcomes are
 in risk. unknown.

Uncertainty is beyond the control of

Risk can be controlled if proper
Control the person or enterprise, as the future
measures are taken to control it.
is uncertain.

Minimization of risk can be done by

Minimization Uncertainty cannot be minimized.
taking necessary precautions.

Identification of Risks Faced by Organizations

Risk in business helps detail any financial, practical or social challenges a business may face.
Risk identification can help businesses build better products and processes and improve their
profit margins by identifying and reducing the potential impact of risks. Learning to identify
risks can be a critical skill for managers and business owners.

What is Risk Identification?

Risk identification is identifying potential business risks and analyzing them to learn about their
effects on the business. Risks come in many forms for businesses and different industries may
have different risks. For example, a software development company and a construction company
may share the risk of losing revenue if they don't upgrade their tools for modern processes. Risk
identification allows a business's leadership team to learn more about the risks the company may
face and create solutions to the challenges behind the risk. It also can help provide a clear picture
of a business's risk factors for bank loans or investor funds.

Why is Risk Identification Important?

Risk identification is important at all stages of your business's lifespan because it helps identify
your biggest challenges and helps create a clearer picture of the business's overall health. Here
are a few reasons businesses focus on risk identification:
 Identifying industry challenges: Sometimes, risks are industry-related and can be safety
risks or volatility because of the industry itself. Identifying industry challenges or
specialized risks helps a business plan for future costs or obstacles and helps leadership
know if they're allocating resources to the right places.
 Example:
● Construction Industry: A construction company identifies the risk of on-site
accidents, such as falls or equipment mishandling. To address this, it invests in
safety training and personal protective equipment (PPE) to reduce workplace
injuries.
● Retail Industry: A clothing retailer identifies supply chain risks like delays in
raw material deliveries. It diversifies its supplier base to reduce dependency on a
single supplier.

 Meeting legal standards: Risk identification helps a business understand if it needs to

meet certain legal requirements. For example, a business that serves food may have
different legal risks than a company that makes shoes. Food must adhere to certain
sanitation practices and food production requires certain state and local licenses.
Example:
● Food Industry: A restaurant identifies sanitation risks, such as improper food
storage, that could lead to foodborne illnesses. It establishes strict hygiene
protocols and trains staff to comply with health regulations.
● Pharmaceutical Industry: A drug manufacturer identifies risks related to FDA
approval. It conducts extensive clinical trials and adheres to regulatory guidelines
to ensure its products meet legal standards.

 Appealing to investors: Investors typically look for low-risk, high-yield investments.

These investments produce the greatest reward for the smallest risk and risk identification
helps them understand the full potential of a business's risks. Knowing the risks they
face, investors can make a more informed choice on the businesses they want to support.
Example:
Food Startups: A software startup identifies cybersecurity risks, which could
lead to data breaches. It implements robust encryption protocols and
communicates these measures to potential investors, highlighting its proactive
approach to minimizing risks.
● Green Energy Firms: A solar energy company identifies the risk of changing
 government policies on renewable energy subsidies. It diversifies its revenue
streams by entering international markets to mitigate this risk, making it more
attractive to investors.

 Making projects more efficient: Businesses also use risk identification on a smaller
scale for individual projects or practices. Identifying risks early during the project
planning phase can help the team navigate the challenges more effectively by planning.
Example:
● Event Management: An event organizer identifies weather risks for an outdoor
event. To mitigate this, they book a backup indoor venue and arrange
weatherproof equipment, ensuring the event proceeds as planned.
● IT Projects: A software development team identifies the risk of scope creep
(adding features beyond the initial plan). They establish clear project boundaries
and communicate with stakeholders to keep the project on track.

Ways to Identify Risk

1. Brainstorming
 Brainstorming is the act of gathering team members to think about and discuss a subject
and to form solutions to any identified problems. This kind of meeting allows a team to
speculate on ideas, discuss facts and look at a project's future.
 You can use brainstorming to identify, analyze and address potential risks by hearing
from people who work at the front end of the business. Team members may have a better
understanding of how the business operates from the ground level and can share their own
perspectives of the company's risks.
 Brainstorming is an effective method because it allows everyone to speak and practice
their critical thinking skills. You can host a brainstorming session each month to
determine what your team thinks are the project's biggest risks, allowing everyone to
communicate and helping to bridge the gap between leadership and staff.
Example:
● Manufacturing Industry: A manufacturing company conducts a brainstorming session
to identify risks in the production process. Frontline workers highlight issues like
 inconsistent raw material quality or equipment maintenance delays. Based on these
insights, management establishes a stricter supplier evaluation process and implements a
preventative maintenance schedule.
● Software Development: A software project team brainstorms risks before launching a
product. Developers flag potential bugs, and marketing flags customer adoption
challenges. The team prioritizes testing and user training.

2. Stakeholder interviews
 Stakeholders are the people who have an interest in your project or business, and
interviewing them may help you better understand what they believe are the biggest risks.
 Stakeholders often have invested significant resources, whether it be time, money, labour
or all three, into your business. They understand risk from an outsider's perspective as an
investor, not a labourer or leader. This viewpoint can help you learn what concerns your
investors and how to address it.
Example:
● Retail Business: A retail chain interviews investors who highlight risks related to rapid
expansion, such as inadequate supply chain infrastructure or market saturation. The
business slows its expansion plan to stabilize existing operations before growing further.
● Construction Project: A real estate developer interviews a financial partner who
identifies cash flow issues as a potential risk due to delayed payments from buyers. To
address this, the developer introduces milestone-based payment schedules.

3. NGT technique
 The NGT, or nominal group technique, is another method of brainstorming that offers a
more in-depth approach to the subject. Participants write their own ideas about the
challenge without discussing it directly with other group members. Then, a senior
member of the team asks each participant for their thoughts, which are written on a chart
or whiteboard with overlapping items removed.
 The team discusses each item to ensure everyone understands them, and then you can
work to prioritize each one. The team can explore the top three items further, analyzing
them and creating solutions. The NGT technique depends on honesty and teamwork and
 provides a more comprehensive approach than brainstorming.
Example:
● Marketing Campaign: For an upcoming product launch, the marketing team uses NGT
to identify risks. Team members individually list potential issues, such as competitor
campaigns, insufficient ad reach, or negative feedback on social media. After discussion,
the team prioritizes managing competitor responses and optimizing ad targeting
strategies.
● Healthcare Project: In a hospital, staff use NGT to analyze risks in patient care.
Participants suggest concerns like understaffing, outdated equipment, and communication
gaps. The top issues are tackled first, leading to better patient outcomes.

4. Requirements review
 A requirements review is a review of a project's labour, material or financial
requirements, and allows the team to analyze requirements often and identify potential
risks quickly. The team can complete a requirement’s review throughout the project
timeline to understand risks and requirements at each stage of production.
 During production, requirements can change, which also may change the risk involved.
For example, if a process requires twice as much material as originally speculated, the
financial risk of the project rises because of additional costs.
Example:
● A construction company initially estimates 100 tons of cement for a building project.
Midway, they discover that the structural design needs an additional 50 tons due to safety
standards. This increase raises financial risks, so they secure additional funding or
reallocate budgeted resources to meet the need.

5. Project plans
 A project plan is a basic outline of the project and its needs. This includes things like
material and labour needs, the timeline for the project and any risks that come with it.
 A detailed project plan may help the team understand the nature of the project and what it
takes to reach the project's goal. It also allows investors and stakeholders to understand
what they're investing in and how the team progresses and offers a return on the initial
 investment.
Example:
● For a software development project, the team creates a project plan detailing the tools
needed (e.g., AWS servers), human resources (5 developers, 2 testers), and a timeline
with milestones. The plan identifies a potential risk of delays due to server setup issues,
prompting them to schedule it earlier in the timeline.
● Investors use the plan to understand their expected return timeline and the risk factors
involved.

6. Root cause analysis

 A root cause analysis is an investigation of previous project risks and how they relate to
one another and the current project. The root cause can be anything from financial
challenges to outdated equipment or poor-quality materials.
 Finding the root cause can allow the team to identify common challenges in the project or
business and minimize them for greater project efficiency.
Example:
● In a manufacturing plant, frequent delays in production are analyzed. The root cause is
found to be outdated machinery causing breakdowns. By upgrading equipment, the
business minimizes future risks, ensuring smoother production processes.

7. SWOT Analysis
A SWOT, or strengths, weaknesses, opportunities and threats analysis, is a great way to
understand a project's or business's risks alongside other important factors. A thorough SWOT
analysis can show investors why a business or project is worthy of investment and helps the
team better understand their efficacy in reaching goals. A SWOT analysis examines four factors:
 Strengths: Areas where the team excels and how they relate to projects.
 Weaknesses: Areas where the team can improve to increase productivity and efficiency.
 Opportunities: Areas where the team or business can improve or expand.
 Threats: Areas of risk for the project or business and how the team can minimize those
risks.
 Example:
● For a renewable energy startup:
○ Strengths: Innovative technology and expertise in solar panel manufacturing.
○ Weaknesses: High upfront costs and limited access to funding.
○ Opportunities: Growing demand for clean energy due to government subsidies.
○ Threats: Emerging competition and fluctuating raw material prices.
● Based on this analysis, the team decides to focus on securing long-term supplier contracts
(to mitigate raw material price volatility) and to leverage subsidies to enhance
competitiveness.

Why Identify Risks?

● Risk identification is the first step in managing risks effectively.
● It allows organizations to:
○ Prioritize risks based on their potential impact.
○ Prepare appropriate responses.
○ Protect critical business objectives.
PROCESS OF RISK MANAGEMENT
The process of risk management is a comprehensive approach to identifying, assessing, and
managing risks that may affect an organization. The process ensures that potential risks are
addressed effectively to minimize their negative impacts. Let's break down the process and
explain it with relevant examples:

I. Establish the Context

This initial stage helps the organization understand the environment in which it operates. It
involves gathering data on both the external and internal factors that might influence the
business. The external factors could include market conditions, legal regulations, and the
socio-political environment, while the internal factors include the organizational culture, internal
processes, and resources.
Example: A global technology company like Apple may establish the context by analyzing its
external environment (such as consumer demand, competitors, legal regulations) and internal
capabilities (such as supply chain efficiency and product development capacity). This helps
Apple understand the risks it might face in entering new markets or launching new products.
II. Risk Identification
Once the context is established, the next step is to identify potential risks. This involves
recognizing events or situations that could potentially harm the organization. The risks could
stem from various sources: financial issues, market fluctuations, regulatory changes, operational
failures, etc.
Example: A financial institution like HSBC may identify risks such as regulatory risk (due to
changing financial regulations) or cybersecurity risk (due to potential data breaches). The bank
may also use methods like brainstorming and checklists to identify risks across different
departments.
III. Risk Assessment
After identifying risks, the next step is to assess their potential severity and likelihood of
occurrence. This helps prioritize risks, ensuring that resources are focused on the most critical
threats. Risk assessment often involves both qualitative and quantitative methods, such as
probability analysis and impact estimation.
Example: A manufacturing company like Toyota may assess the risk of supply chain
disruptions. They might assess the likelihood of natural disasters affecting suppliers in Japan
and the potential impact of such disruptions on production timelines and costs. Toyota could then
prioritize this risk based on its severity and probability.
IV. Potential Risk Treatments
Once risks are assessed, the organization needs to decide how to handle them. There are several
strategies to manage risks:
1. Risk Transfer: This involves shifting the risk to another party, usually for a cost. This is
common in insurance contracts.
Example: A small business may transfer the risk of property damage to an insurance
company. In case of a fire or natural disaster, the insurance would cover the losses.
2. Risk Avoidance: This strategy involves avoiding activities or situations that carry a risk.
This may mean not pursuing certain business ventures or stopping a project that presents
too much risk.
Example: A company may choose not to expand into a politically unstable country to
avoid the risk of political instability and potential losses.
3. Risk Control: This involves taking steps to reduce the impact of risks. This could
include installing safety measures, improving processes, or enhancing employee training
to mitigate risks.
Example: A construction company might implement safety controls to prevent accidents
 on the job site, such as providing protective gear to workers and ensuring regular safety
drills.
V. Review and Evaluation of the Plan
Risk management is an ongoing process, and the initial plans may need revisions based on actual
experiences or new information. Regular reviews ensure that the risk management plan stays
relevant and effective.
Example: A retail company like Walmart may periodically review its risk management plans
for supply chain management to ensure that they are still effective in light of any changes in
supplier reliability or transportation costs. The review could lead to a reassessment of risks and a
new approach to risk treatment.

Objectives of Risk Management

1. Identify and Evaluate Risk: Risk management helps identify risks early and assess their
impact, allowing organizations to develop strategies to mitigate them.
Example: A tech company identifies the risk of new competition and assesses its
potential to reduce market share. This allows the company to adapt its strategies to stay
competitive.
2. Reduce and Eliminate Harmful Threats: Effective risk management reduces or
eliminates the harmful effects of risks, improving business performance.
Example: A pharmaceutical company reduces the threat of product recalls by
implementing stricter quality control measures.
3. Supports Efficient Use of Resources: Risk management helps allocate resources more
effectively, ensuring that risks are managed in a way that does not waste resources.
Example: A construction firm may optimize its use of resources by planning for
potential delays in supply chains, reducing the need for costly last-minute solutions.
4. Better Communication of Risk: Risk management enhances communication between
stakeholders, ensuring that everyone in the organization is aware of the risks and how
they are being addressed.
Example: In a multinational company like Nestlé, the risk management plan may
involve regular updates to both local and global teams to ensure alignment in handling
food safety risks.
 5. Reassures Stakeholders: Risk management builds confidence among stakeholders (such
as investors, customers, and employees), assuring them that the company is prepared to
handle unforeseen events.
Example: A publicly traded company like Tesla reassures investors about its ability to
navigate supply chain risks through transparent communication and risk mitigation
strategies.
6. Support Continuity of Organization: Risk management ensures the long-term survival
and success of an organization by proactively addressing risks that could threaten its
operations.
Example: Amazon has a robust risk management strategy in place to address various
risks like logistical disruptions, ensuring business continuity even in the face of supply
chain disruptions.

Impact of Risk on Organizations

1. Poor User Adoption: If the risk management process is overly bureaucratic or complex,
employees may fail to adopt the process, leading to inefficiencies.
Example: A software company may face resistance from employees if its risk
management protocols are too cumbersome or unclear, hindering productivity.
2. Unrealized Benefits: Ineffective risk management may delay project completion or
cause additional costs, affecting the realization of potential benefits.
Example: A construction project that faces delays due to unmanaged risks (like
machinery failure) may cause the company to miss out on potential profits from the
timely completion of the project.
3. Late-running Projects: Risks that aren’t managed properly can delay projects, pushing
them beyond deadlines and causing additional costs.
Example: An IT company’s software development project may be delayed due to risks
like technical challenges or talent shortages.
4. Overspent Budgets: Failing to account for risks in the budgeting phase may lead to
overspending when unforeseen events occur.
Example: A film production company might face budget overruns if it fails to account
for risks like location issues or unforeseen special effects costs.
5. Unhappy Clients: Clients may lose confidence if risks aren’t properly managed, leading
to dissatisfaction and potentially lost business.
Example: A consulting firm may lose a major client if risks related to project delays or
mismanagement are not communicated and mitigated.
6. Reputational Damage: Poorly managed risks can lead to significant reputational harm,
impacting customer loyalty and brand perception.
Example: A food chain like Chipotle faced reputational damage due to food safety risks
in the past, which led to a loss of consumer trust.
7. Project Failure: The ultimate impact of poor risk management is the failure of a project,
which could lead to wasted resources and lost opportunities.
Example: A tech startup might fail to launch its product on time due to unforeseen
market risks, leading to missed opportunities and financial losses.