The lifecycle of a risk management process encompasses several steps and activ- ities. One of the crucial steps is risk analysis, in which the effects of identified risks have to be analyzed and assessed. This assessment can be performed by using either qualitative or quantitative methods. The main aim of the paper to state the main difference between qualitative and quantitative methods in risk assessment. In the first section i will give a brief introduction about risk man- agement lifecycle and risk analysis. In the second section a detailed description about qualitative and quantitative method will be given with their advantages and disadvantages and methodology used in each technique. In the last section real life examples are given ,
Risk management help us in a better decision making through a good understanding of risks and their likely impact. One of
Preprint submitted to Elsevier August 8, 2016

the most crucial state in risk management is the assessment. Risk is assessed by identifying threats and vulnerabilities, then determining the likelihood and impact for each risk. Risk assessment can be done using qualitative or quantita- tive techniques. Qualitative risk assessment is a subjective evaluation, people’s opinion of how badly a particular problem might be. While quantitative risk assessment assigns values to information, systems, business processes, recovery costs,as a result risk impact, can be measured in terms of direct and indirect costs.
2. Risk Management life cycle
Risk management is a process of thinking methodically about all possible risks or threats before they happen and setting up procedures that will avoid the risk, handle or reduce its impact. It is basically setting up a process and plan to deal and control a risk.
• Risk Management Plan - specifies the management intent, system and procedures required for managing risks. This step shows how the next four steps are executed in an
IT Risk Analysis
Figure 1: Risk Managment Life Cycle
One of the main important step in risk management is risk analysis. Risk is assessed by identifying threats and vulnerabilities, then determining the like- lihood and impact for each risk. However managing risks in IT is also the key element in risk management because it allow the system owner to protect the information system proportional with its value to the organization. Moreover understanding a risk allows organizations to prioritize short resources since all organizations have limited resources.
There are different ways to assess the risk in your environment and resources that are available. One common thing is Business impact analysis , were from it we can understand the resources in the enviroment and threats that might have impact on these particular resources. Business impact analysis allow us to determine how likely some threat may occur and what is the impact on organi- zation if that happened.
IT Risk Analysis is intended to carry out work of:
• Resource Evaluation (information, software, hardware and physical re- sources) value of resource it is not only value of its purchase but also short term effects and long term consequences from its
Risk assessment.
As a result, the topic of ‘risk management’ can be related to a biblical passage in The Book of Ecclesiastes, Chapter 11:5-6. According to Solomon, “As thou knowest not what is the way of the spirit, nor how the bones do grow in the womb of her that is with child: even so thou knowest not the works of God who maketh all. In the morning sow thy seed, and in the evening withhold not thine hand: for thou knowest not whether shall prosper, either this or that, or whether they both shall be alike good” (2009, p. 975). Thus, as stated previously, risk consists of uncertainty and risk management is the process of mitigating such risk in order to prevent counterproductive consequences. The Lord is the all-knowing entity throughout the universe, and
There are various reasons why risk assessments are put in place. Risk assessments can be used to assess the environments that we work in, the risks staff may be exposed to, the risks to the individual and the risks of the equipment that is in place. Once the risk assessment process has been completed it will help all concerned to thin about ant potential hazards there may be in the situation or activity and the ways risks to the individual others cane be minimized. Taking risks is part of being able to choose and be in control of your life. It is important that concerns about risks do not get in the way of people living their lives in the way they want to. We must ensure we make the individual aware of all risks for them to be able to make their
The project management plan will help the organization to manage all the foreseeable risks in a timely, proactive, effective, and appropriate manner. The aim of the project management process is to maximize the chances of the project achieving its objectives, while minimizing the risks and keeping them at an acceptable level. The scope and objective of the risk management plan are as follows:
Risk is the possibility of injuries or accidents occurring in your settings. Every individual health and social care settings has its own hazards which poses a potential risk. Risk assessment must be use to evaluate and minimise the risk if they are inseparable from the person centred care of the user. The risk factors in the care setting could have psychological, social, financial and physical instabilities.
Risk Managers identify, evaluate, prioritize, and control risks that impact resources or members of an organization (University of Wisconsin, 2013). In more ways than one, risk managers are important for accessing problems and predicting the magnitude of the anticipated outcome. In the case of an emergency situation, ultimately the unwanted outcome would be loss of life. Risk managers are the key members to prevent loss, damage, and negative outcomes. Regardless of the type of emergency medical service risk managers must manage some degree or risks. According to the University of Wisconsin (2013), there is no single method or solution defined to effectively manage risks.
For this a risk assessment strategy should be developed. For making the strategy, the possible risks should be evaluated. A list of possible risks associated with the results and the information of the research paper should be formed.
The risk management process needs to be flexible. Given that, we operate in the challenging environment, the companies require the meaning for managing risk as well as continuous improvement in identifying new risks that will evolve and make allowances for those risks that are no longer existing.
This essay will first define risk and uncertainty. In the second section, it will introduce the process of two frameworks namely the COSO framework and the SHAMPU framework. It will evaluate the performance of the two different alternative risk management frameworks to distinguish different between risk and uncertainty. Finally, an opinion will be expressed if the effective use of risk management process frameworks depends upon an ability to differentiate between risk and uncertainty.
As the first step, identify potential risks plays a crucial role in the risk management process. The core purpose of identifying risk is to figure out causes of risk and analyze result caused by the risks and its probability . Hence, risk identification can begin with the source of problem, or with the problem itself. The chosen method of identifying risk may depend on culture, industry practice and compliance. The identification
Risk mitigation is also the process of controlling actions, which are identified, and selecting the suitable ones to reduce risk according to project objectives (Pa, 2015). Risk mitigation is important in IT organizations in so many ways. According to Ahdieh, Hashemitaba, Ow (2012), mitigation of risk provides a mechanism for managers to handle risk effectively by providing the step wise execution of the risk handling (as cited in Pa, 2015, pg. 49). Some risks, once identified, can readily be eliminated or reduced. However, most risks are much more difficult to mitigate, particularly high-impact, low-probability risks. Therefore, risk mitigation and control need to be long-term efforts by IT project managers throughout the project lifecycle. There are three types of risk mitigation strategies that hold unique to Business Continuity and Disaster
A hazard is a potential damage, adverse health or harm that may effects something or someone at any conditions. Other than that, the risk may be high or low, that somebody could be harmed depending on the hazards. Risk assessment is a practice that helps to improve higher quality of the develop process and manufacturing process. It is also a step to examine the failure modes of the product in order to achieve higher standard of safety and product reliability. Unfortunately, it is common that a product safety risk assessments are not undertaken, or not carried out effectively by manufacturer. Mostly an unsafe and unreliable product was produced and launched on to the market. Thus, the safety problems are mostly identified after an accident happened or after manufacturing problems arisen. In order to prevent risk, a person should take enough precautions or should do more to prevent them because as a user should be protected from harm that usually caused by a failure for whom did not take reasonable control measures.
With a changing economy external factors have placed an undeniable importance for businesses to implement an Enterprise Risk Management (ERM) program within their organization. The need for ERM is present in almost any business sector, including higher education. An effective ERM program successfully identifies risk that are present internally and externally in regards to the organization. Identification of key risk, prioritizing the risk and implementing strategies will aid in avoiding and mitigating the risk that could have catastrophic implications. Ultimately, a strong ERM program will allow the organization to manage risk successfully by instilling an ongoing process.
Risk management is a process used in all industries to reduce the risk. The Risk management tool usage changes from sector to sector and hence each sector has developed their own risk management tools and methodologies to mitigate the risk. But the concept remains the same behind all the tools (Ropel, 2011). The main steps for risk management irrespective of the sector are:
Risk Management allows us to identify the problems which are unknown during the start of the project but may occurs later. Implementing an efficient risk management plan will ensure the better outcome of the project in terms of cost and time.