Sultan Qaboos University

College of Economic and Political Science

Department of Operation Management
Special Topics in Operation Management /POMG4725/10
Fall 2021

Report 1:

Risk management

Student ID Student name

119496 Mohammed Alqasmi
1- What is risk management?
Risk management is defined as the technique or practice to detect, evaluate, prevent, or minimize
any potential risk to a specific project that can impact the desired outcomes. Also, risk
management is evaluating your project's goals and objectives and establishing which risks exist,
as well as what you'll do to address them right away. This can help you avoid project failure in
the long term and save you time and money in the process. Moreover, Risk management is the
process of identifying, assessing, and prioritizing risks as the result of uncertainty on objectives,
whether positive or negative, and then deploying resources in a coordinated and cost-effective
manner to reduce, monitor, and control the likelihood and impact of unfortunate events or to
maximize the realization of opportunities.

2- What is the importance of risk management

Risk management is important because without it, businesses would be unable to establish their
long-term objectives. If a corporation defines its aims without taking risks into account, there's a
good possibility it'll lose its way after one of the dangers occurs. To mitigate the risks, several
businesses have established risk management departments. The teams' mission is to identify risks,
develop appropriate strategies to guard against and prevent future risks, and motivate the
individuals of the organization by encouraging them to cooperate with the strategies. If an
organization can manage their risks, it will be able to make confident decisions in the future.
According to Gary Cohn said "If you don't invest in risk management, it doesn't matter what
business you're in, it's a risky business." In a nutshell, understanding the risks will provide them
with a variety of solutions for dealing with future problems. Risk management aids in the
development of a company's reputation. Because when a manager does business in a tactfully and
successful manner. It increases the company's value. As a result, risk management improve
goodwill. Also, it can improve the performance level of the employees. Because when a manager
is aware of a weakness or a threat, it drives people to perform better in that area. Barry Boehm
said, "Risk management focuses the project manager's attention on those portions of the project
most likely cause trouble and compromise participants' win conditions." Lastly, without good
risk management practices government cannot manage its resource effectively.

3- What are the steps included of risk management

STEP 1. COMMUNICATE AND CONSULT
The purpose is twofold. First, make sure that all your critical stakeholders are present while
discussing risk management. Stakeholders can vary from project to project and program to
program, and they can include a wide spectrum of people might include a variety of internal
stakeholders (finance, HR, Security, etc.) as well as external stakeholders (suppliers, clients, and
contractors etc..). Second, the goal of this process is to emphasize the importance of risk
communication in informing your stakeholders about the risks that have been identified, how they
are being managed, and, as a result, managing expectations on how to share responsibilities and
accountabilities related to various risks and their management.

Step 2. Establish the context

Establishing the context defines the scope of the risk management process and the criteria by
which the risks will be evaluated. The scope should be chosen considering the company's
organizational goals. Because risks are uncertainties that affect the attainment of corporate goals,
so risk can't be properly detected if the goals and strategies where not clear. Risks might occur
because of external or internal factors, External risks are those that arise because of factors
outside of the firm's control, such as the regulatory environment, economic Risk market
conditions. Use the SOWT analyses will help in this factor. Internal risks are those that arise from
the firm's operations and aims, as well as decision-making and the use of internal and external
resources. For example, stability if company's capacity can manage its finances, satisfy its
financial obligations, and return cash to its investors.

Step 3: Identify the Risk

The first step is to identify the risks is the process by which threats, and opportunities are
identified. In this process, information regarding the magnitude, timing and causes of risks is
determined. For Example, SQU uses a variety of methods to identify risks. These may include
surveys, internal and external workshops, individual or group interviews, student and staff
meetings, audit reports, departmental and departmental meetings, study of documents and reports.

Step 4: Analyse the Risk

This stage involves determining the likelihood of a risk event occurring and estimating the impact
of the consequences if that happened. Also, the process of identifying, assessing, prioritizing, and
communicating potential losses related to strategies, actions, and operations. While there is
typically an immediate impact, there may be additional long-term consequences as well, thus
each of these elements should be considered in the calculations. For example, the consider the
loss of a laptop with patient health records, there will be a physical loss, but the loss of that
patient information could result in penalties, lawsuits, and reputational harm that far outweigh the
cost of the lost item. There are some methods for risk analyse. For example, qualitative risk
analysis is a project team determines the probability and impact for a list of identified risks
according to a scale of high, medium, and low. And quantitative risk analysis which are models
risks with a probability-impact matrix using reference class forecasting techniques.

Step 5: Evaluate or Rank the Risk

Risks must be prioritized and ranked. Depending on the severity of the risk, most risk
management solutions have several risk categories. Risks that may cause minor discomfort are
rated low, whereas risks that can result in catastrophic loss are given the highest rating. Ranking
risks is significant because it allows the organization to have a holistic view of the risk exposure
across the board. You evaluate or rank the risk by determining the risk magnitude, which is the
combination of likelihood and Impact. The most companies choose high Like hood and high
Impact to prioritized and rank risks.

Step 6: Treat the Risk

Risk treatment is working through options to manage unacceptable risks to your company. The
degree of unacceptable range in severity, some require immediate treatment, while others may be
monitored and treated later.
Every risk needs to be eliminated or contained as much as possible. This is done by different
options for treating risk:
Avoid the risk
Wherever possible, you might decide not to do the activity that is likely to cause the risk. You
could also use a different approach to get the same result.
Reduce the risk
You can control a risk by two ways. Firstly, reducing the likelihood of the risk occurring. Such
as, through quality control processes, managing debtors, auditing, compliance with legislation,
staff training, regular maintenance, or a change in procedures. For example, if you do not deliver
the product in time, you may get penalty. Secondly, reducing the impact if the risk occurs. For
example, through emergency procedures, off-site data backup, minimising exposure to sources of
risk or public relations.
Share the risk
Reducing the likelihood and the impact of uncertainty. One of a good strategy in sharing the risk
is outsourcings that mane, taking a business unit or function, removing it from the organization
itself, and subsequently contracting another entity do the work.
Transfer the risk
You might be able to delegate some or all the risk to another party. For example, insurance,
outsourcing, joint ventures, or partnerships.
Accept the risk
You may accept a risk if it cannot be avoided, reduced, or transferred. However, you will need to
have plans for managing and funding the consequences of the risk if it occurs.

Step 7: Monitor and Review the Risk

Even after completing each of the preceding steps, it is essential to track and monitor the results
to ensure that risks remain within the boundaries set by the organization's management. Risk
conditions change quickly, asset values fluctuate, and stakeholder preferences shift. Keeping
managers and senior leaders informed about progress toward risk goals and developments that
may have an organizational impact is an important aspect of monitoring. The PDSA cycle (Plan-
Do-Study-Act), allowing for continuous risk management process improvement. The results
inform and enhance the next iteration as diverse teams across the business take activities to
detect, assess, and respond to risk. Not all risks can be completely removed, some risks will
always exist. Market and environmental risks are two examples of risks that must be constantly
managed such as, recently cyclonic Shaheen affect a lot of people, organizations etc..

4- Give an example where you have applied the steps of risk management on your
day-to-day life
One of the most example in day to day live is the house fires’ causes a high impact and can be
avoided by installing alarms periodically and providing a fire extinguisher because it is one of the
most important methods of fire prevention The second risk is drowning in the valley. For
example, if you went with your friends to Wadi Shab so you wear the life jacket to save your
lives. Thirdly, vehicle accidents can be avoided by attaching to the traffic rules such as do not use
the phone and wear seat belts. Moreover, the driver must make insurance for the vehicle so if
there is an accident, it transferred to the insurance company. Fourthly, the risk of your home
being robbed, so you can avoid this threat by placing surveillance cameras. The last risk is being
late from the lectures due to the congestion. You can solve it by waking earlier
5- Explain the relation between risk management and international supply chain,
covering how can risks be identified and what are the risks that can be found in an
international supply chain.
The supply chain global faces more risk than other areas of the company due to its global nature
and its systemic impact on the firm’s financial performance. Also, because, the numerous links
interconnecting a wide network of firms. These links are prone to disruptions, bankruptcies,
breakdowns, macroeconomic and political changes, and disasters leading to higher risks and
making risk management difficult. Because of the numerous dynamics that drive supply chain
risk, threat is a reality of life for supply chain professionals. For example, Quality and safety
issues, supply shortages, legal, security, regulatory, and environmental compliance, weather and
natural calamities, and terrorism. The risk in supply refers to the process of identifying, assessing,
and mitigating risks in an organization's supply chain. It is a way to increase productivity, reduce
costs, and increase efficiency. The first risk that can be found in the international supply chain is
exchange rate risk. The currency price value varies from country to country and can cause a loss
in revenue. Thus, it is best to hedge or use futures and options to minimize loss. The second risk
is laws. The laws of various countries differ for different products and thus the distribution of
products is riskier. The tax rate seems to differ from country to country and so the portfolio sale
comprising Macintosh (Mac) computing systems, the iPad, and other products can be risky. The
last risk is the competition. As technology-related products face high competition, it is necessary
to analyze the competitive strategies of other companies to mitigate this risk.