Outline
Risk analysis is involved in identifying threats that are likely to occur and analyzing the likely outcome. High risk investments bring about high returns and low risk projects have low returns. Cost benefit analysis ensures that the costs involved in projects bring about returns that are more than the costs involved for an investment to be profitable. Measurements of risks are done when the type of threat is already known and nature of its severity. The impact from any given risk is gotten from calculations which are done to determine the loss suffered in monetary terms. Prioritizing risk is very important in order to know the correct preventive measures that are supposed to be undertaken.
Introduction
According to (Erickson, 1997) Risk analysis is the practice involving identification of threats that are likely to occur and analyzing the outcome of those particular threats. Regardless of measures that could have been employed to prevent risks from taking place, it’s found necessary to conduct analysis of threats that are likely to occur. The main objective of carrying out risk analysis is to ensure that the vulnerable population is safe incase a certain risk occurs. Performance of risk analysis follows a number of stages including, risk identification, risk measurement, risk prioritization, analysis of gains and losses and risk management.
Definition of Risk
Risk can be defined as the likelihood that a particular consequence will take place, which can be either beneficial or not. However, risk is mostly associated with unbeneficial consequences that are likely to occur to some particular valuables. It can also be described as a particular occurrence that can be prevented from happening. Here, the particular occurrence is considered as a problem expected to happen in the future and has the potential of being fixed in the present. Description of risk can be based on its severity which results to a quantitative description of risk as well as a qualitative one. The quantitative description of risk considers it to be equal to the amount of loss that will result from its occurrence as well as the likelihood of its occurrence. (Erickson, 1997)
Risk can also be described in accordance to fields in which it is applied where application fields may involve, finance, literature, insurance, engineering, health and psychology. In the field of finance, risk is considered as future returns that are expected to be the outcome of particular financial operations which could either be positive or negative. Here, risk is quantified in respect to its presumed outcome where an approximate amount of gains or losses are taken to represent its value.
Engineering kind of risk is the risk that occurs in the course of working for example, in industries and other areas of employment. This particular risk is usually estimated in accordance to past occurrences of similar events. Engineering risks may include injuries from machines, fire and death which may occur in the course of duty. Literature considers risk in a more general and biased manner as it is taken to symbolize negative likelihood, effects and danger. (Humphrey, 2007)
Risk can be measured and analyzed so as to provide information which can be used in the formulation of ways in which it can be prevented or managed. There are various categories of threats that can result to risks which include natural threats. These are threats that occur naturally without being caused by anyone such as external and internal fires, flooding, high winds, storms and eruptions. Another category of threats is technical threats which result from failure of machine or other technicalities. For example, failure of telecommunications, electric power failure, nuclear fallout and gas leaks. Human threats category comprises of embezzlements, robbery, burglary, terrorism, sabotage, war and civil disorder. Each of these categories of threats undergoes specific criteria of analysis which consequently assists in their management. (Poirier, 1997)
Risk Measurement
Risk can be measured in several ways depending on the type of threats responsible. A general criterion may involve threat identification as the first step where all risks that are likely to occur are identified. This is then followed by measurement or prediction of the impact that is likely to be caused incase that particular risk occurs. The potential impact should then be rated in accordance to the nature of outcome as well as severity. For example, a scale of numbers one to three can be formulated where zero may represent lack of potential impacts on an individual or organization incase of occurrence of a particular risk. Number one may represent the occurrence of limited amount of risk which may persist for about eight hours. Number two may represent considerable amount of damage which may persist for more than eight hours but less than forty eight hours. Finally, number three may represent major damages which may cause interruptions lasting for a time period exceeding forty eight hours. However, these ratings are accompanied by a number of assumptions which include an assumption that the ratings should give reflections of the approximate potential impact that is anticipated. The second assumption is that the potential risks will only occur at the organization being rated and that it will not affect other facilities. Thirdly, all the potential impacts that would not call for relocation to other areas are assumed to be under a similar rating of scale two. Finally, measurement of potential impacts is assumed to be undertaken by the organizations which are affected directly in case loss is experienced.
The likelihood at which the risks that have already been measured might take place is also rated. The likelihood of risk occurrence may be rated into three different levels where the highest level may be allocated ten points. A medium level of probability, five points while the lowest level of probability may be allocated one point. It is after allocating both the ratings of potential impacts as well as those of the level of probability at which risks are expected to occur, that calculations are done. (Turner, 1995)
Calculations are done so as to get the approximate amount of impact that might occur to an organization or individuals incase of occurrence of a particular risk. Hence, the product of points representing the level of probability and number representing the severity of the potential impact gives the approximate amount of risk that is likely to occur. For example, if the likelihood of the occurrence of floods is high, it means that, it will be rated ten. If it happens that the floods are expected to persist for period of time exceeding forty eight hours the level of floods severity will be allocated number three. Then the product of the two ratings, that is ten and three results to thirty which is the amount allocated to approximate level of risk that is likely to occur. Actually, thirty represents the greatest amount of risk that can be measured using this criterion and the same can be used to rate other risks which would help to identify those threats that are likely to cause the greatest amount of risk. The resultant level may help individuals or organizations to decide on the measures that are best applicable in risk prevention or management incase it cannot be avoided. (Humphrey, 2007)
Prioritizing risk
After the risks are identified and analyzed, the management has a duty to undertake preventive measures in order of priority. This depends on how often the risks occur; legal impact of the risk and financial position of the organization. The effects of risks to organization is difficult to quantify because, it involves increase in insurance premium to be paid, loss of revenue, loss in the market share, high judgment costs, increased cost of reconstruction and loss of data that is very difficult to recover. The managers should give the first priority to assessment of risks depending on the importance of business because, magnitude of risk and its likelihood to occur help in determining efficient operations to be undertaken to ensure everything is safe and sound. (Rayner, 1992)
When working in a dynamic environment, risk factors need to be assessed all the time using skills, experience and reliable information in order to succeed in finding solutions to the problems that might arise and threaten your progress. Feedback for the services offered is very important because, they help to know about performance and how to improve the weak areas. Feedback need to be considered since it helps in communicating freely and ensures respect and trust is observed in team building.
Cost/benefit analysis
Cost benefit analysis involves taking the total costs involved in an operation, weighing them against the expected benefits to know whether it would be profitable or not to carry out an investment. Analysis of costs and benefits expresses the costs in terms of money and adjustments are made in order to take care of time value of money. This is because; the money we have today is not worth the same tomorrow. The benefits of project will be achieved at different times which require them to be expressed in the present value. (Rayner, 1992)
The government uses cost benefit analysis to know whether it is desirable to start a project or not. This will be determined by the willingness of the public to make payment for benefits to be enjoyed and their desire to avoid costs to be incurred. Opportunity cost is used to measure all the inputs that are required in any given project in order to get profitable returns. Monetary value is involved in cost benefit analysis to know the expenses involved and the returns to be generated. It is not easy to know the returns to be generated from costs which make analysts use survey methods in their estimation of costs and benefits. For example, a manager may try to compare expenses involved in marketing and production sector to make a projection of sales in a given product and decide to produce if he expects costs involved to be lower than the returns. In cost benefit analysis, expenses involved and profits to be generated are put together in order for discount rate to be chosen to assist in calculating the benefits as well as costs in future in terms of present value of money. (Broder, 2006)
In the analysis of costs and benefits, monetary value may make the project to fail and loose its reputation especially when there are business regulations to be followed. For example, the road located on a mountain should have a guardrail to avoid injuries, damage to property in case of an accident and death. When calculation of costs and benefits are done, the costs that are expected to incurred in future and the benefits to be generated are converted to the present value of money.
Analysis of costs and benefits is different in various sectors such as health and transport due to the discount rate involved in different countries. The estimation of costs and benefits determines how accurate the outcome is. Research shows that, the infrastructure planning to estimate how accurate the estimated costs are found that, cost for rail project was higher than the estimated costs by forty four per cent and the benefits were lower that estimated by fifty percent. Study show that, inaccuracies are also experienced in other fields but not transport sector alone. The consequences of analyzing costs and benefits should be taken with care to avoid inaccuracies. When the costs and benefits are inaccurate, planning encounters substantial risk that result to lack of efficiency in decision making. (Turner, 1995)
Risk analysis methodologies
According to (Broder, 2006) Qualitative methodology analyses the event which make potential hazard result to an accident. Undesirable events that are likely to occur are identified and later analyzed so that improvement can be made and control measures be formulated. This methodology helps to determine hazards that need to be taken care of using the most efficient methods. This method is also useful in working environment where there are no safety measures to be used. Potential hazards are arranged according to the risks involved in order to allow prioritizing of the measures to ensure no accidents occur in future.
Hazard and the operability studies applies critical examination in systematic manner using existing facilities in order to know potential of hazards after specifications of design are deviated to establish consequential effects on the affected facilities. The words that are used are more/ less, other than and no/not. The guidewords help in identifying the scenarios that bring about hazard since the problems flow in sequence and the word more is used where the rate of flow of the problems is high and less than to mean the flow is low. Later, loss caused by the hazard is discussed in order for the right measures to be put in place. This technique has been successful in industries to ensure safety of the plant and improve operability. (Smithson, 1989)
Faulty tree analysis performs evaluation of safety using logical diagram to show system failure. For example, event that is undesirable in the system and components that are likely to fail in a system. This technique uses deductive logic where there is definition of undesirable event and identification of causes of failures resulting to the event. Event tree analysis shows the outcome after an initial event has occurred. Inductive logic is used especially in analyzing the consequence for an incident that occurred before and after. (Kates, 2000)
Cause-consequence analysis uses both inductive as well as deductive analysis where fault and event trees are used. This analysis aims at identifying sequence of events that result to undesirable consequences. The possibility of occurrence of an event is identified and calculated in order to establish the level of risk in the system. This methodology is used in stations of nuclear power but other industries can use it to estimate safety of protective measures to be undertaken. Possibility of an event occurring is quantified to determine undesirable events that bring about economic loss and death. (Broder, 2006)
Preliminary risk analysis methodology analyzes sequence of events in a disciplined manner through transformation of hazard to an accident. Identification of undesirable events is done and then analysis done separately. If the hazards are undesirable, possible improvements are done and formulation of preventive measures. This methodology helps in determining hazards to be looked at and suitable methods for analyzing them. This analysis is useful in environment that requires identification of safety measures where ranking of hazards is in accordance to the risks involved so that measures are prioritized in order to control accidents. (Kasperson, 1992)
The Utility of Security Surveys
There is a security program called Norton 360 which is a security package for computer users. It provides protection from viruses that attack internet and fraud websites which cause threat to the internet. The subscription is renewed in order to protect three computers all the time. The users are safeguarded from fraudulent schemes when shopping online or banking to avoid theft. Information technology has a feature for solving computer problems and ensuring online back up of data is done with ease. The new survey of application of firewall is unique to ensure there is integrity of information that is either entering or leaving the system. Firewalls has default setting that are powerful to prevents attacks that can cause great risks and uncertainty if they interfere with the stored data by corrupting it thereby causing great inconveniencies and rendering it useless. (Broder, 2006)
Conclusion
Risk analysis is very important in identifying possibility of occurrence of events in future and the right measures to be taken in order to prevent the loss that may arise from a given risk once it occur. Risks causes’ great loss to the people involved and it can take a lot of time before they can recover from the loss incurred. It is advisable that, preventive measures are taken by insuring property so that in case of a loss, the insurance company can compensate by putting the person who suffered loss to the same financial position he was before the loss occurred.
References
Broder J. (2006): Risk Analysis and the Security Survey: Elsevier pp391-392
Ericson R. (1997): Policing the risk society: University of Toronto Press pp37-39
Humphrey C. (2007): Transforming audit technologies: business risk audit methodologies and the audit field: Elsevier pp39-41
Kasperson R. (1992): The social amplification of risk: progress in developing an integrative framework: Praeger Publishers pp39-41
Kates R. (2000): Comparative risk analysis of technological hazards: National Acad Sciences pp24-25
Poirier R. (1997): Political risk analysis and tourism: Elsevier pp65-67
Rayner S. (1992): Cultural theory and risk analysis: Praeger pp45-47
Sime J. (2004): Living on the border: knowledge and risk: Elsevier pp39-40
Smithson M. (1989): Ignorance and uncertainty: emerging paradigms: Springer pp79-82
Turner B. (1995): Regions at risk: United Nations University pp76-78