risk management in business analysis

risk management in business analysis

As per the Business Analysis Book of Knowledge Risk management is an ongoing activity. Continuous consultation and communication with stakeholders help to both identify new risks and to monitor identified risks. Risk analysis and management identify areas of uncertainty that could negatively affect value, analyzes and evaluates those uncertainties, and develops and manages ways of dealing with the risks. Failure to identify and manage risks may negatively affect the value of the solution. Risk analysis and management involve identifying, analyzing, and evaluating risks. Where sufficient controls are not already in place, business analysts develop plans for avoiding, reducing, or modifying the risks, and when necessary, implementing these plans.

Risk analysis and management involveidentifying, analyzing, and evaluating the risks that negatively affect the product outcome. Risk management is the process of identifying, assessing, and controlling threats to an organization’s capital and earnings. These risks stem from a variety of sources, including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents, and natural disasters.

How

Risk Analysis is mentioned in the Business Analysis Book of Knowledge and is it’s own task in the Strategy Analysis knowledge area in the BABOK. Risk Analysis is important to know for a Business Analyst because it enables the effective implementation of change. As an example, say your organization is looking to transition from fuel-based vehicles to electric vehicles, some of the risks that you as a Business Analyst may identify are are Risk of if the electric pumps are not set up properly they could cause a fire thus causing damage to the vehicle and financial losses to the company.

Enterprise Risk Management Powerpoint Template

What this means is that Organizations accept different levels of risk depending on their risk attitude. The risk tolerance, appetite, and threshold of the organization and its stakeholders must be fully understood, defined, and communicated. An organization may be risk-averse, risk-neutral or risk-seeking. A risk-averse organization seeks to reduce risk as much as possible and gravitates towards attaining a high level of certainty on its projects. For risk-neutral organizations, the benefits of the risk response must be equal to or outweigh the costs. Risk-seekers on the other hand, accept low chances of success as long as the benefits of success are considerably high.

A risk register is a tool that is used to help foster discussions among stakeholders and key stakeholders regarding an organization’s key objectives and the unplanned events that could interfere (or enhance) the organization’s ability to achieve them.

Specifically, a risk register is a list of an organization’srisks, along with their ratings (scores or risk levels), responsible executives, areas affected and a summary of the actions being taken in response to the risk.On the right is an example risk register taken from the Essential ERM system.

Requirements Risk Management: What's In It For Business Analysts? — Business Analyst Learnings

The image above shows many of the elements that are typically documented within a risk register, including a name for the risk, a category (and sub-categories), inherent riskscores, control effectiveness, residual riskscores andrisk velocity. Risks also usually have a rank showing their relative priority and include a summary of the action plans assigned to them, as well as the areas of the business that would be impacted if the risk events were to occur. They may also indicate if a risk’s residual rating is above, below or within the allowable thresholds set through the organization’srisk appetite framework.

Other important areas to consider adding to your register are the strategic objectives impacted, therisk treatmentstrategy to be followed, root causes, pre-event mitigations(controls), post-event mitigationsand eventual consequences (qualitative and quantitative). Note that while this information is extremely important for the risk assessment and process, it is often difficult to capture and maintain in a spreadsheet because of the many-to-many relationships between these risk elements (more on this below).

Acceptance:When there’s no way to avoid, transfer or mitigate risk, the organization accepts that there is nothing that can be done and makes no effort to deal with it.

Risk Assessment Vs Business Impact Analysis

Enhance:This is the exact opposite of mitigating. The organization takes steps to increase the probability of anopportunity occurringand itsassociated benefits, should it occur.In my mind Project Management is Risk Management. And so are defined business processes. Much of the ISO9000 quality framework is based upon the belief that standardised processes increase quality through a reduction of defects; which is risk management at the operational level. The favour that the Prince2 methodology has is that it’s a process that guides people through the project; reducing risk through knowing what the expectations and next steps are going to be. Similarly PMI has created processes and checklists of things to tick off in 9 areas of project management – so you can mitigate the risk of ignoring or forgetting certain aspects of the project.

Naturally these are also more than project management, but Risk Management is fundamental to what they are and what they do. etc

As business evolves into the 21st Century, and as your career as a project worker develops the complexity of the environment escalates and so does the scale of projects you work on and the potential costs of failure. So risk management becomes more and more crucial to managing better projects. This is a Risk management 101 article running through the key areas of project risk management.

Risk

Risk Analysis And Management

Different project managers and business analysts have different approaches to risks. Some only want important risks flagged others only want risks flagged that are specifically related to the project’s scope and others, like me, like to capture all risks identified by the project team and stakeholders. The important thing to remember is what you’re there to do, and how risk identification can help or hinder your efforts.

Regardless of the threshold for entry onto your risk register it is critical to have one and to pro-actively manage risks. Many projects hold risk workshops early in the project and leave it at that. Some hold risk workshops at the beginning of each phase of the project and others hold weekly or fortnightly risk meetings where issues are raised and managed.

The savvy project manager has a team that are always identifying and managing risks, and using meetings as a forum for managing the most complex and important ones.

The Role Of The Business Case In Risk Management

There are plenty of articles on the internet which suggest that for certain kinds of projects, and at different stages of the project lifecycle, you should be aware of some pretty constant and common risks. Have a look for some in your field.

Risk management systems are tools that are used to track, monitor and manage risks. Often they are a combination of lists of things to watch out for and action plans of things to do. The most common risk management systems are minutes and Excel sheets, however some organisations have quite sophisticated databases. What a risk management system needs to do is ensure that risks are known and understood by the project team and the people who need to deal with the risk management actions and potential consequences of risk events. Like most project tools it’s all about communication.

How

Another important feature of a risk management system is that it is used. The system (Spreadsheet, word doc, etc) needs to be looked at and the items reviewed and monitored. If you are designing your own make sure it is clear and useable. One weakness of risk management systems is that they can get too complex of the users, so consider their knowledge and awareness of risk management systems and design with them in mind.

What Is A Business Impact Analysis (bia)? Definition From Whatis.com

The second set of examples provide fuller descriptions that reduce the likelihood of misinterpretation and allow for a better assessment of the likelihood and impact of the risk.

I should also mention that there are positive and negative risks. For example a risk of greater than forecast customer numbers, resulting in higher revenue is still a risk.

Positive risks can be described as opportunities. You can still plan to manage the risk, just in this case to take advantage rather than defend from the risk.

Family Business Risk Analysis Framework

Often positive risks are ignored by project teams but can be worth exploring; Greater than forecast customer take-up can be generally good, but does unveil some potential problems like stock and staff management for order fulfilment, for example.

Family

It has a special interest group devoted to discussing and understanding risk in the project context and it uses a definition that includes positive as well as negative uncertainty about the future. They also talk about risk management maturity in a CMMI like framework and suggest that as an organisation becomes more mature in its handling of risk it becomes more able to take advantage of upside or positive risk.

You can also think about positive risks in the context of programmes or portfolios of projects. For example, how can you take advantage of the fact that that new change initiative will finish early? You can grab the people and use their expertise early, you can leverage the changes they have implemented and so forth.

Understanding Risk Management And Forecasting For Your Small Business

Risks are often assessed by project team members who have prior experience in a particular area, but bringing in experts can also add value. In fact as most risks have to be assessed by rule of thumb

0 comments

Post a Comment