Jimmy D.

Bucar
PhD-HRM
Risk Management
FINAL REQUIREMENTS IN RISK MANAGEMENT
1. What are the differences between risk and peril and risk and
hazard?
a. Risk versus Peril. Risk is the possibility of a loss or likelihood of a
negative outcome while peril is a cause of loss or an event which
causes a loss. For example, in my profession as a teacher, letting
the students join in an educational tour without proper permit is a
risk because I am jeopardizing their lives at the same time it also
endangers my profession as a teacher. I might be sued for this
illegal activity and could result to perpetual revocation of my
professional license. The accident or any untoward happenings
(e.g. drowning of some students) that might ensue is what we call
as the peril because it is the cause of the possible loss of the lives
of the students and also my license. Other examples of peril are:
falling, crashing your car, fire, wind, hail, lightning, water, volcanic
eruptions, choking, or falling objects.
b. Risk versus Hazard. If risk is the possibility of a loss, hazard is the
condition that increases the possibility of that loss or any situation
that makes it more likely that a peril will occur. For example, the
risk of contracting Sexually Transmitted Diseases increases when an
individual engages in an unprotected sex and promiscuous
relationships.
Source:
http://thismatter.com/money/insurance/risks-perilshazards.htm
2. Describe the different techniques/approaches for dealing with
risk.

There are at least five techniques/approaches for dealing with risk,

these are: acceptance, avoidance, transference, mitigation and
exploitation.
1. Risk Acceptance involves making of an informed decision to
accept the likelihood and impact of a particular risk. It
depends on risk criteria and the risk appetite of top management.
In this approach, while the risk is already identified and recorded,
you take no action. You simply accept that it might happen and
decide to deal with it if it does. This is a good strategy to use for
very small risks risks that wont have much of an impact on your

project if they happen and could be easily dealt with if or when they
arise.
2. Risk Avoidance is the elimination of hazards, activities and
exposures that can negatively affect an organization's assets.
Whereas risk management aims to control the damages and
financial consequences of threatening events, risk avoidance seeks
to avoid compromising events entirely. This is a good strategy when
a risk has a potentially large impact on your project. For example, if
January is when your company Finance team is busy doing the
corporate accounts, putting them all through a training course in
January to learn a new process isnt going to be a great idea.
Theres a risk that the accounts wouldnt get done. Its more likely,
though, that theres a big risk to their ability to use the new
process, since they will all be too busy in January to attend the
training or to take it in even if they do go along to the workshops.
Instead, it would be better to avoid January for training completely.
Change the project plan and schedule the training for February
when the bulk of the accounting work is over.
3. Risk Transference. It refers to the shifting of the burden of loss
for a risk to another party through legislation, contract, insurance
or other means. For example, if you have a third party contracted to
write your software code, you could transfer the risk that there will
be errors in the code over to them. They will then be responsible for
managing this risk, perhaps through additional training.
4. Risk Mitigation involves limiting the impact of a risk, so that if it
occurs again, the problem it creates is smaller and easier to fix. For
example, if you are launching a new washing machine and the
Sales team then have to demonstrate it to customers, there is a risk
that the Sales team dont understand the product and cant give
good demonstrations. As a result, they will make fewer sales and
there will be less revenue for the company. A mitigation strategy for
this situation would be to provide good training to the Sales team.
There could still be a chance that some team members dont
understand the product, or they miss the training session, or they
just arent experts in washing machines and never will be, but the
impact of the risk will be far reduced as the majority of the team
will be able to demonstrate the new machine effectively.

5. Risk Exploitation. This strategy is used if the risk has a positive

impact. It makes use of the risk as an opportunity to benefit
something. For example, the risk that the new washing machines
are so popular that we dont have enough Sales staff to do the
demonstrations? Thats a positive risk something that would have
a benefit to the project and the company if it happened. In those
cases, we want to maximize the chance that the risk happens, not
stop it from happening or transfer the benefit to someone else!

Source: 5 Ways To Manage Risk - (project) Management Nieuws.

(2014). Retrieved October 29, 2016, from https://goo.gl/Uc3KJQ.

3. What are the six steps in the risk management process? Explain
each step.
The six steps in the risk management process are: (1) Identification
of the Hazard, (2) Identification of the Risk, (3) Assessment of Risk,
(4) Controlling of Risk, (5) Documenting the process, and (5)
Monitoring and Reviewing of the entire process. These are
explained below:
1. Identify the Hazard. Examine the work area or consider the
task or process and identify any hazards or potential threats to
health and safety.
2. Identify the Risk. Risk is the potential consequence of a
hazard correlating to the possibility of injury, illness damage or
loss as a result of a hazard. Identify factors that may be
contributing to the risk
3. Assess the Risk. Evaluate the likelihood of an injury occurring
along with its probable consequences. Identify the likely severity
or impact of any injury/illness resulting from the hazard and
identify the probability or likelihood that the injury/illness will
actually occur.
4. Control the Risk. Determine action to eliminate or minimise
the risks. Control of any given risk involves may involve a
number of measures drawn from various options. New work
procedures may also need to be developed. The risk control
hierarchy ranks possible risk control measures in decreasing
order of preference:
a. Elimination of hazard
b. Substitution of hazard
c. Engineering controls
d. Administrative controls
e. Personal protective equipment

5. Document the Process. The information to be documented

should include:
a. Hazards identified
b. Assessment of the risk associated with those hazards
c. Decisions on control measures to manage exposure to
the risks.
How and when the control measures are
implemented
Evidence of monitoring and review of the
effectiveness of the controls
Any checklist used in the process.
6. Monitor and Review. Continue to review and monitor the risk
management process to identify new hazards and continually
review the effectiveness of controls.
Source: http://docplayer.net/17925118-6-steps-to-riskmanagement.html

4. What characteristics distinguish good decisions from bad

decisions in risk management?
A stark difference between and bad decisions in risk
management can be seen in its outcome. Good decisions usually
create positive results (i.e. desired and anticipated results)
whereas bad decisions dont. Good decisions allow you to move
forward to the next step. Bad decisions force you to stop and
adjust. According to Jeff Boss (2015), there are nine
characteristics of a good decision:
1. It positively impacts others.
2. It is replicable.
3. It fosters opportunity.
4. It includes others.
5. It is executable.
6. It is systematic.
7. It is accountable.
8. It is pragmatic.
9. It involves self-awareness.
The opposite of these characteristics distinguishes bad decision
from good decision.

Source: Boss, J. (2015). The 9 Characteristics of a Good

Decision. Retrieved October 29, 2016, from https://goo.gl/v8VtyG

5. Describe the steps in a risk management audit.

A Risk Management Audit is a process by which an attempt is
made to identify, verify, record, measure, analyse and report the
range of risks that may be present in a given situation. This

given situation could be as simple as a 2 hour event (e.g. a sport

event) or as complex as all the risks faced by an organisation in
all its programs and activities over the course of a year. The key
aspect of a risk audit is to identify risks. Unless risks are
identified, people may be completely unaware that a risk exists.
The risk audit process goes further, however, and enables
persons with responsibility to consider and evaluate risks. The
principal components of an effective risk audit process are:
1. Planning
Setting the scope of the risk audit i.e. what is the
situation to be audited?
Determining the method for gathering information
(interview staff, make observations using a checklist,
etc)
Developing checklists and procedures for the auditing
process to ensure the process is thorough
Developing interview questions, as interviewing people
is a key aspect of risk auditing
Arranging site visit(s) and interviews
2. Risk Auditing On Site
Briefing organisation personnel to be involved in the
audit process
Conducting site visit and utilising checklists and
procedures to observe risk controls in place, or not in
place
Conducting interviews with organisation personnel and
probing for knowledge of risk management procedures
Checking existence of policy and procedures which may
have an effect on risk management
Reviewing accident and injury logs
Summarising main findings
Providing organisation personnel with an exit interview
3. After the Risk Audit
Analysing information gathered as a result of the use of
checking procedures
Analysing information gathered as a result of interviews
Preparing a register of risks and evaluating probability
and severity of each identified risk
Preparing a report (draft) on risks identified and
suggesting strategies for dealing with risks
Providing a report and feedback to organization.
Arranging for a meeting to continue next step in the
process

Source: http://www.leoisaac.com/ris/ris027.htm