
BBA 4226, Risk Management 1

Course Learning Outcomes for Unit I

Upon completion of this unit, students should be able to:

1. Examine the elements of the risk management process.
1.1 Explain risk management and its benefits to an organization.
1.2 Describe the risk management process.
1.3 Explain the roles that security and capacity play within the risk management process.

3. Recommend established risk management methods, tools, and techniques in the analysis and reporting of risk events.
3.1 Identify the purpose of a risk management methodology.
3.2 Outline the various risk management methodologies organizations use for risk assessment.

Learning Outcomes / Learning Activity

Chapter 1; Unit I Lesson; Unit I Essay
Unit I Lesson; Unit I Essay
Chapter 2; Unit I Lesson; Unit I Essay
Chapter 1; Unit I Lesson; Unit I Essay
Unit I Lesson; Unit I Essay

Reading Assignment

Chapter 1: Introduction: Why Security and Risk Management Matters

Chapter 2: Security and Capacity

Unit Lesson

Introduction to Risk Management

Risk management is the process that encompasses the identification, analysis, mitigation planning, mitigation
implementation, control, and tracking of risks. The need for risk management has increased at all levels of the
spectrum. As an example, at the corporate level, risk management is critical for identification and
management of corporate risks. At the individual level, risk management is essential for evaluating daily
decisions and actions that might result in an undesirable outcome such as a car accident.

The concept of risk management has evolved since its inception in the early 1950s. In 1955, Wayne Snider
presented a lecture titled “The Risk Manager” in which he proposed the creation of a specific department that
would concentrate on risk prevention within the insurance industry (Snider, 1956). Later in 1956, Gallagher
(1956) penned an article outlining the principles of risk management urging large companies to consider
hiring a risk manager. Almost from the inception of risk management, the concept has been associated solely
with the insurance industry with very few applications to other fields. In the 1960s, risk management found
applications in the fields of economics and finance. Not until the late 1990s and early 2000s was risk
management integrated into commercial and retail banking to analyze credit scoring models.

Risk Management Benefits

Implementing a risk management program provides many benefits to an organization. In a nutshell, risk
management processes give a company's operations a strategic framework for dealing with
crises within the organization. There are many considerations for implementing a risk management program
within a company.

Financial: A risk management strategy makes a company more appealing to banks and insurance companies.
Bankers and insurance brokers manage risk as a profession, and the presence of a risk management plan
can increase credit lines and reduce insurance coverage costs. Also, a risk management program can help in
providing due diligence in case there is legal action taken against the company.

Resources: When a risk management process is in place—identifying and prioritizing key resources—it
improves the resource utilization and the company’s opportunity to properly respond to a crisis. This can save
employee hours for core business efforts and can allow response with alternatives that may impact

Culture: A risk management program is very telling about a company’s culture. Employees feel more
confident and knowledgeable about the expectations and leadership of the organization. By building and
maintaining risk planning, the company establishes standards by which performance is evaluated, and
demonstrates the company expects and adapts to change.

Risk Management Process

To reach practical and systematic approaches to risk management, organizations need to adopt a
standardized risk management process. A standardized approach promotes a shared understanding of the
process and risk analysis in the decision-making process. The risk management process is an iterative
process or cycle to manage risks within the context of an organization.

The risk management process includes the following steps:

• defining the context of decisions and related organizational objectives,
• identifying the risks associated with the organizational objectives,
• analyzing and assessing the identified risks,
• developing alternative actions to manage the risks within the context of a cost benefit analysis,
• making decisions as to the alternatives and implementing the course of action based on those decisions, and
• monitoring the implemented decision and evaluating the expected results to aid in subsequent risk management decisions.




Risk Management Methodologies

There are different methodologies used for risk assessment. According to the Department of Homeland
Security (DHS) (2011), a methodology is a “logical process by which the inputs into an assessment are
processed to produce the outputs that inform the decision” (p. 20). Each method needs to be contextual to the
needs of the organization.

Asset audit: This approach looks at the assets that are part of the organization and determines the
importance and protection of each asset. Usually, an asset is labeled with an asset identification number,
asset flow or life cycle, potential threat to the asset, the likelihood of threat to the asset, asset impact analysis,
and the relevant safeguards to the asset. This approach is a straightforward method for risk assessment and
threat exposure.
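
The asset audit record described above can be kept as a small register and checked automatically. The following is an added example, not part of the course material: the field names, the 1-5 scales, the likelihood-times-impact score, the review threshold, and the sample assets are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AssetRecord:
    asset_id: str      # asset identification number
    name: str
    lifecycle: str     # asset flow or life-cycle stage
    threat: str        # potential threat to the asset
    likelihood: int    # likelihood of the threat, assumed scale 1 (rare) to 5
    impact: int        # impact if the threat occurs, assumed scale 1 to 5
    safeguards: list = field(default_factory=list)  # relevant safeguards

    def exposure(self) -> int:
        # Assumed scoring rule: likelihood multiplied by impact.
        return self.likelihood * self.impact

def audit(records, threshold=12):
    """Rank assets by exposure and list those that need attention."""
    findings = []
    for r in records:
        if not (1 <= r.likelihood <= 5 and 1 <= r.impact <= 5):
            raise ValueError(f"{r.asset_id}: likelihood and impact must be 1-5")
        if not r.safeguards:
            # A threat is recorded but nothing protects the asset.
            findings.append((r.asset_id, "no safeguard recorded"))
        elif r.exposure() >= threshold:
            findings.append((r.asset_id, "high exposure, review safeguards"))
    ranked = sorted(records, key=lambda r: r.exposure(), reverse=True)
    return ranked, findings

# Constructed sample register (hypothetical assets).
REGISTER = [
    AssetRecord("A-001", "Customer database", "in production",
                "unauthorized access", 3, 5,
                ["access control", "encryption at rest"]),
    AssetRecord("A-002", "Payroll laptop", "in use", "theft", 4, 3),
    AssetRecord("A-003", "Public website", "in production", "outage", 2, 2,
                ["off-site backup"]),
]

if __name__ == "__main__":
    ranked, findings = audit(REGISTER)
    for r in ranked:
        print(r.asset_id, r.name, "exposure =", r.exposure())
    for asset_id, note in findings:
        print("FINDING", asset_id, note)
```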

Pipeline model: In this approach, risks are assessed in a pipeline, similar to a transaction. The risk pipeline
assesses risk based on five mechanisms: active processes, communication processes, data processes,
inquiry processes, and access control processes. Each risk pipeline is compared to the organization’s security
requirements at each one of the five components.

Attack trees: This approach assesses risk based on who, when, how, why, and what. The top of the chart
represents the root or attack while the branches depict the various ways the attacker might attain his or her
goal. This method requires that the risk analyst rely on extensive experience and knowledge to be able to
identify all possible methods of the attacker.

Security and Risk Management

According to Newsome (2014), when no risks are present, security exists. Risk management does not mean
that an organization will avoid adverse effects; however, it enables organizations to focus on those risks that
are likely to bring the greatest damage (DHS, 2011). In essence, security is about managing risks, and risk
management is about finding out what those risks are, where they come from, and how to mitigate the risks
identified. Thus, security is about ensuring that potential threats or risks are avoided.

Security can be viewed from many different levels: personal security, network security, system security,
corporate security, and homeland security. Generally, security can be defined as the act of protection against
threats. The implementation of security is a very important component of a business continuity plan (BCP)
and a national infrastructure protection plan (NIPP) requiring a strategy to support against threats. Risk
management strategies provide an organization—and a nation—with a methodology for protection and

Figure 1. Risk Management Process
(Department of Homeland Security, 2011, p. 15)




Security and Capacity

In the context of security, capacity refers to the ability (in resources) to defend against threats. With the
exponential growth of the Internet and all the potential threats introduced by social networking, rich media
traffic, and communication applications, organizations must plan for capacity growth in their assets,
particularly their information technology (IT) assets to guard against risks.


Risk management processes are used to mitigate and control risk, but not necessarily to eliminate risks.
Standardized risk management principles enable organizational leaders to identify alternatives, assess
capabilities, and prioritize company resources associated with potential risks (DHS, 2011). Good risk
management practices enhance an organization’s overall decision-making processes by maximizing the
ability to reach the company’s objectives.


Department of Homeland Security. (2011). Risk management fundamentals: Homeland security risk management doctrine. Retrieved from

Gallagher, R. B. (1956). Risk management: New phase of cost control. Harvard Business Review, 34(5), pp.


Newsome, B. (2014). A practical introduction to security and risk management. Thousand Oaks, CA: Sage.

Snider, H. W. (1956). The risk manager. Insurance Law Journal, 1(1), pp. 119-125.
