Read the book The Failure of Risk Management - Douglas W. Hubbard - Page 19
DEFINITION OF RISK MANAGEMENT
Long definition: The identification, analysis, and prioritization of risks followed by coordinated and economical application of resources to reduce, monitor, and control the probability and/or impact of unfortunate events
Shorter definition: Being smart about taking chances
Risk management methods come in many forms, but the ultimate goal is to minimize risk in some area of the firm relative to the opportunities being sought, given resource constraints. Some of the names of these efforts have become terms of art in virtually all of business. A popular (and, I think, laudable) trend is to put the word enterprise in front of risk management to indicate that it is a comprehensive approach to risk for the firm. Enterprise risk management (ERM) is one of the headings under which many of the trends in risk management appear. I'll call ERM a type of risk management program, because this is often the banner under which risk management is known. I will also distinguish programs from actual methods because ERM could be implemented with entirely different methods, either soft or quantitative.
The following are just a few examples of various programs related to managing different kinds of risks (Note: Some of these can be components of others and the same program can contain a variety of different methods):
Enterprise risk management (ERM)
Project portfolio management (PPM) or Project risk management (PRM)
Portfolio management (as in financial investments)
Disaster recovery and business continuity planning (DR/BCP)
Governance risk and compliance (GRC)
Emergency/crisis management processes
The types of risks managed, just to name a few, include physical security, product liability, information security, various forms of insurance, investment volatility, regulatory compliance, actions of competitors, workplace safety, getting vendors or customers to share risks, political risks in foreign governments, business recovery from natural catastrophes, or any other uncertainty that could result in a significant loss.
As the previous definition indicates, risk management activities include the analysis and mitigation of risks as well as establishing the tolerance for risk and managing the resources for doing all of this. All of these components of risk management are important but the reader will notice that this book will spend a lot of time on evaluating methods of risk analysis. So let me offer both a long and short definition of risk analysis at this point.