Stages of the identification process. General characteristics of risk identification and analysis Identification and conceptual directions of risk analysis

Risk identification– the initial stage of a system of risk management measures, consisting of the systematic identification of risks characteristic of a certain type of activity and the determination of their characteristics.

According to GOST R 51897-2002 “Risk management. Terms and definitions" risk identification refers to the process of finding, listing and describing risk elements.

Risk identification determines which risks are likely to affect the project and documents the characteristics of those risks.

Risk identification is an iterative process. Initially, risk identification may be performed by part of the project managers or by a group of risk analysts.

Identification can then be handled by the core group of project managers. To form an objective assessment, independent specialists can participate in the final stage of the process. Possible responses can be determined during the risk identification process.

Initial data for identifying and describing risk characteristics can be taken from different sources:

1. First of all this organization knowledge base. Information on the implementation of previous projects may be available in the archives of previous projects. It should be remembered that the problems of completed and ongoing projects are, as a rule, risks in new projects.

2. Another source of data on project risks can be a variety of information from open sources, scientific works, marketing analytics and other research works in this area.

Each project is conceived and developed based on a series of hypotheses, scenarios and assumptions. Typically, the project scope statement lists accepted assumptions—factors that, for planning purposes, are considered true, real, or certain without evidence. Uncertainty in project assumptions should also be considered as a potential source of project risk. Assumption analysis identifies project risks that arise from inaccurate, incompatible, or incomplete assumptions.

The main difficulties in identifying risk factors and uncertainty when conducting pre-project feasibility study of investments are:

Absence of dependence, in a general sense, between events that are unprofitable for the project as a whole and events that are unprofitable for a specific participant;

When identifying risk events, it is difficult to find a compromise between an excessive number of possible events and their incomplete list. In this case, the professionalism of experts becomes extremely important.

To eliminate these contradictions, it is advisable to initially identify events that are unprofitable specifically for a particular participant, and then, from among them, the most possible ones, taking into account the specifics of participation in the project.

Various approaches can be used to collect risk information. Among these approaches, the most common are: expert survey, brainstorming, Delphi method, Crawford cards.

Modern risk management techniques are equipped with powerful tools for identifying risk events that characterize both the project as a whole and its individual aspects. The most effective method for identifying risks is analysis of the project environment. From the list of negative events, the most plausible ones from the point of view of an expert in a given project are first determined (selection based on possibility-probability of occurrence). Then the events determined using expert assessments are selected based on their unprofitability for the project.

When identifying risk events for a specific participant based on contractual relationship models three main groups of risk events (increased investment costs, increased production costs, decreased income) are proposed to be identified depending on which of the following factors they are caused by: force majeure, failure of other participants to fulfill their obligations, failure of the participant itself to fulfill its obligations.

The main advantage of the above classification of negative project events is that it is focused on the unprofitability of project events for an individual participant, which is not fully taken into account by modern expert methods. At the same time, when identifying risk events, special attention is paid to possible aggravation of relationships between project participants.

The result of risk identification there should be a list of risks with a description of their main characteristics: causes, conditions, consequences and damage.

The result of the risk identification process is a Risk Register containing:

List of identified risks;

List of potential response actions;

The main causes of risk;

During the identification process, the list of risk categories can be supplemented with new categories, which can lead to an expansion of the hierarchical risk structure developed during the risk management planning process.

The risk register contains the following information:

1. Date of occurrence of the risk.

2. Date of risk registration.

3. Name of the risk.

4. Description of the risk.

5. Initiator.

6. Reasons that caused the risk.

7. Consequences.

8. Risk owner.

9. Risk expiration date.

Although projects are risky enterprises and there is always uncertainty that needs to be identified and controlled, it is a mistake to include every uncertain risk in the Risk Register.

All risks have common inherent characteristics:

1. They refer to the future tense and have not yet occurred.

2. These are uncertain events that may not happen.

3. They matter when they happen.

Instead of filling the Register with general risks that do not require a special response other than proper performance of work, it is necessary to pay attention to identifying real risks.

Risk identification and analysis are a key element of the risk management process. Their proper organization largely determines how effective further decisions will be and, ultimately, whether the company will be able to sufficiently protect itself from the risks that threaten it. Therefore, studying the features of this area of ​​risk management and taking them into account in the practical activities of a risk manager is an important step in understanding the entire risk management system.

The main goal of risk identification and analysis is to form among decision makers a holistic picture of the risks that threaten the company’s business, the life and health of its employees, the property interests of owners / shareholders, obligations arising in the process of relationships with clients and others counterparties, rights of third parties, etc. In this case, not only the list of risks is important, but also managers’ understanding of how these risks can affect the company’s activities and how serious the consequences can be. As a result of such a study, a risk management system will be properly organized, which will provide an acceptable level of protection for the company from these risks.

Identification and analysis of risks involves conducting a qualitative and then quantitative study of the risks that the company faces.

Qualitative analysis involves identifying risks, studying their characteristics, identifying the consequences of the implementation of relevant risks in the form of economic damage, and disclosing sources of information regarding each risk. At this stage, a detailed classification of identified risks is carried out, the main criteria of which are discussed in topic 2. As a result, the risk manager has an understanding of the range of problems that will have to be faced in the risk management process.

A preliminary step in the quantitative risk assessment stage is obtaining information about them. Such information must contain the following data necessary to assess the degree of risk predictability: frequency (probability) of occurrence and amount of losses, i.e. distribution of damage, as well as other characteristics that are required for further risk analysis. The correctness of all subsequent decisions will depend on whether the network can collect the necessary quality data in the required volume. Therefore, determining the degree of trust in different sources of information is an important aspect of this step.

The main step of the quantitative risk assessment stage is processing the collected data. It must serve the purposes of the subsequent risk management decision-making process. To identify risk factors and the degree of their impact, various methods of statistical data processing can be used, including correlation and variance analysis, time series analysis, factor analysis and other multivariate classification methods, as well as mathematical modeling, including simulation .

If necessary, statistical analysis can be used to confirm some of the conclusions of the previous stage, when qualitative analysis is not enough for this. For example, if there is not enough quality information to carry out a detailed risk classification, then a multidimensional classification procedure can be carried out.

Many criteria can be proposed to highlight the stages of the risk identification and analysis process. The most common is the degree of detail of the risk study.

In accordance with it, the following stages can be distinguished:

Understanding the risk, i.e. qualitative analysis accompanied by a study of the structural characteristics of risk (hazard - exposure to risk - vulnerability). This is a very important stage, since it determines what the risk manager will face in the future, and thereby sets the boundaries of decision-making in the risk management process;

Analysis of specific causes of adverse events and their negative consequences. This stage is a detailed study of individual risks (cause-and-effect relationships between risk factors, the occurrence of adverse events and the damage caused by them). Such research provides the basis for risk management decisions;

Comprehensive risk analysis. This stage involves studying the entire set of risks as a whole, which gives a complete, comprehensive picture of the risks that the company faces. This allows for a unified risk management policy. Such a study also includes procedures such as safety audits, i.e. a comprehensive study of a firm's business, decision-making methods and technologies used in order to identify and analyze the risks to which they are exposed.

In some cases, not all of the listed stages are implemented in the risk management practice of specific companies, but the most complete and comprehensive option includes all three stages. As a rule, this is typical for large companies engaged in complex business.

Sberbank of Russia's risk management policy defines the main objectives and procedures, the purpose of which is to ensure the sustainable development of the Bank as part of the implementation of the strategic plan.

Basic principles of risk management:

• 1. Risk awareness. The risk management process affects every employee of the Bank. Decisions on any banking operation are made after a comprehensive analysis of the risks arising from such an operation. The Bank has regulatory documents regulating the procedure for performing all operations subject to risks.
• 2. Separation of powers. The Bank has implemented a management structure in which there is no conflict of interest: the responsibilities of the divisions and employees of the Bank that carry out transactions exposed to risk, take into account transactions (in accounting and management accounting), and carry out risk management and control functions are divided.
• 3. Control over operations (preliminary, current and subsequent control).
• 4. Control by management and collegial bodies. The Bank has a system of limits and restrictions that allows it to ensure an acceptable level of risks.
• 5. Use of information technology. The risk management process is based on the use of modern information technologies. The Bank uses information systems that allow it to timely identify, analyze, evaluate, manage and control risks.
• 6. Continuous improvement of risk management systems taking into account strategic objectives, changes in the external environment, innovations in global risk management practice.
• 7. A combination of centralized and decentralized risk management approaches. Collegial bodies approve methods for calculating limits for territorial banks. In accordance with the approved methods for calculating limits, territorial banks independently, by decision of the authorized collegial body of the territorial bank, approve limits for their divisions.

Risk management process steps:

• 1. Identification of all main risks arising in the Bank’s activities.
• 2. Analysis of identified risks and their assessment, calculation of total risks.
• 3. Making a decision on whether or not to carry out operations at risk, limiting identified risks, forming reserves for possible losses.
• 4. Monitoring compliance with established risk management procedures and restrictions on the level of accepted risks.
• 5. Constant monitoring and optimization of established restrictions, taking into account the assessment of the Bank’s performance results related to the acceptance of a certain type of risk.

The Bank identifies the following significant types of risks: credit risk, market risk, liquidity risk, operational risk.

In the current economic conditions, Sberbank of Russia pays special attention to managing credit risk and monitoring the quality of the loan portfolio. The Bank applies the following main methods of credit risk management:

• * preventing credit risk by identifying, analyzing and assessing potential risks at the stage prior to transactions subject to credit risk;
• * limiting credit risk by setting limits;
• * monitoring and control of the level of credit risk;
• * covering (reducing the level) of credit risk by forming adequate reserves and appropriate structuring of transactions.

In the context of growing credit risks in the economy in the reporting year, the Credit Policy of Sberbank of Russia in the current economic conditions was adopted and published on the corporate website, defining a list of additional measures taken by the Bank to effectively manage credit risk.

The governing bodies responsible for the effective risk management of the territorial bank are: the Board of the territorial bank, the Committee of the territorial bank for the provision of loans and investments, the Committee of the territorial bank for interest rates and limits within the powers determined by the relevant regulatory documents.

The objectives of risk management are:

• - optimization of the risk/return ratio in all areas of activity;
• - minimizing the Bank’s losses in the event of unfavorable events;
• - reducing the deviation of the Bank’s actual financial result from the planned one.

Introduction

The relevance of the problems of risk identification is determined mainly by the fact that the collection of information requires adequate methodological approaches and the need to introduce scientifically based methods into practice.

Risk identification is a key element of the risk management process. Its proper organization largely determines how effective further decisions will be and whether the company will be able to sufficiently protect itself from the risks that threaten it.

The purpose of the work is to study the features of the definition and methods of identifying risks.

• - determine a risk identification system;
• - consider the organization of risk identification.

The subject of the research is the study of risk identification methods. The object of the study is risk identification methods. Research methods: analysis, synthesis, generalization, etc.

risk identification.

To assess risks and make decisions related to them, it is necessary to collect initial information about the object that carries the risk. This primary stage is called risk identification. It includes two main stages: collecting information about the structure of the facility and identifying hazards or incidents.

There are many methods that help obtain information about the characteristics of individual risks inherent in a particular type of activity. Therefore, in order to solve the problem, it is advisable to use a set of methods. It is necessary to constantly monitor the effectiveness of such methods in order to make improvements that may be useful in the future.

It is impossible to say unequivocally which methods will be most effective in each specific case. The task is greatly simplified if the risk manager is a specialist practitioner in a given area of ​​economic activity, be it industrial production, finance or commerce.

The work of collecting information and identifying risks helps to identify most hazards, but, as a rule, new ones appear after a while. This may be due to the accumulation of experience and statistical data, as well as the introduction of new technologies and the use of other materials.

Therefore, an important part of organizing activities in this area is the creation of a special program for monitoring and identifying new risks. Such a program should be planned by the enterprise's risk management department or risk manager. Whatever risk management plan is developed, it must have its own budget and economic justification so that the costs of identifying risks do not exceed the damage from them.

Recognizing risks is quite labor-intensive and requires special knowledge. The best option in such a situation is to hire independent firms or experts in the field of risk assessment and insurance.

Obtaining initial information about production facilities. This is possible with:

• - standardized questionnaires;
• - analysis of primary documents of management and financial reporting;
• - analysis of data from quarterly and annual financial reports;
• - drawing up and analyzing a diagram of the organizational structure of the enterprise;
• - compilation and analysis of technological flow maps of production processes;
• - inspections of production units;
• - consultations with specialists in this technical field;
• - examination of documentation by specialized consulting firms Korolkova E.M. Risk management: project risk management: Textbook for students of economic specialties, 2013, p. 94.

The information received must be properly analyzed and structured. The main goal of such work is to establish relationships between individual data from different sources.

Recognition of financial and commercial risks of an enterprise has a number of features. In this case, the analysis of the financial documentation of the enterprise becomes of primary importance. To do this, it is necessary to prepare specific questionnaires, as well as adapt a number of other risk identification methods. risk consulting management

1. Structural diagrams. These diagrams are graphical methods for obtaining information about possible risks. The method is intended to analyze the features of the enterprise structure and the resulting risks. The data obtained are useful for assessing, first of all, internal business risks associated with the quality of management, organization of sales and advertising, etc., as well as commercial risks (Fig. 1).

Rice. 1.

Structural diagrams allow you to identify several forms of possible internal risk: duplication of functions, their dependence and concentration. For example, it may turn out that a certain department also exists in all subsidiaries. In this case, non-compliance with work standards may create certain risks in the present and in the future. This form of risk is called duplication.

There are different approaches to constructing structure diagrams. The whole variety of management forms of companies can be divided into vertical, horizontal and mixed structures, in particular matrix, cellular, etc.

2. Flow maps. Flow maps, or flow diagrams, graphically depict individual production processes and their interrelationships. Flow on such maps is the movement of certain material assets from one structural element of the diagram to another. These maps are useful for recognizing the key elements of a production process that affect its reliability and sustainability. Such elements are called key elements, since a violation of their normal operating mode or failure interrupts the entire production process or leads to critical emergency situations. A process recorded in a specific map may cover one type of activity of the organization, all internal production processes, or a separate technological chain. During the analysis, the flow map helps to see the existing bottlenecks of the project or potential risky situations (Fig. 2).

Rice. 2.

Analysis of the flow map makes it possible to foresee the consequences associated, for example, with an accident at a warehouse of raw materials and components and the cessation of the flow of raw materials to subsequent stages of production. In the same way, you can study the consequences of incidents that occurred in a warehouse of finished components or in a packaging workshop for finished products.

Thus, the flow map allows you to identify critical areas of the production process and roughly estimate the scale of a particular incident. Elements critical to the operation of the entire system are located in successive branches of the system. At the same time, disruption of the operation of elements in one of the parallel branches will most likely lead to smaller losses, since material flows will be able to pass for some time through other branches that continue to function normally.

Flow maps can be performed with varying degrees of complexity. In addition, flow diagrams allow you to reflect both material and financial flows between departments of the company. For example, a flow map can show the process of assembling a product in a modified form. For example, it records not material flows, but the cash equivalents of inventories and added value, which passes into the finished product during each stage.

The main advantages of presenting a flow map in a modified form are the ability to:

• - obtaining a quantitative assessment of potential losses in the event of interruptions at one of the stages of the technological cycle;
• - visual perception of risk by the manager of various ways of redistributing resources between parallel branches of the system;
• - detection and minimization of potential losses.

Currently, there are powerful software tools for personal computers, in particular ERP systems (integrated resource management systems), which can significantly simplify the modeling of the structure of an enterprise and the flow of resources within it. The limitations of using flow maps as a risk recognition method are as follows:

• - the method is focused only on internal processes;
• - does not establish the reasons for the vulnerability of individual stages of the production process.

All this requires simultaneously using other methods to obtain initial information about risks. For example, flow maps can be supplemented with information about the possible frequency and severity of past losses obtained from questionnaires.

3. Cause and effect diagram. The diagram, which was proposed by one of the largest Japanese management theorists, Kaoru Ishikawa (Fig. 3), is referred to in various sources as a “fishbone” or “problem tree”, which reflects the same thing, but the diagram is rotated 90 degrees. Korolkova E.M. Risk management: project risk management: Textbook for students of economic specialties, 2013, p. 99

Rice. 3. Ishikawa diagram (fishbone):

1 - main reasons; 2 - secondary causes influencing the main ones; 3 - reasons affecting secondary ones, etc.

The Ishikawa diagram allows you to analyze and structure all the risk factors that affect the result of the analysis. The tool is very practical for analyzing the causes that lead to risks. It is recommended to work with the Ishikawa diagram in the following steps:

• - collection of all risks that in any way affect the project;
• - grouping of risks into semantic and cause-and-effect blocks;
• - ranking of risks within each block;
• - analysis of the resulting picture;
• - discarding risks that cannot be influenced;
• - ignoring minor and unprincipled risks.
• 4. Direct inspection. The risk recognition methods described above are convenient because you can obtain data without leaving the office, i.e. using modern means of communication. However, it is possible that when examining questionnaires, financial documentation or flow maps, some points will turn out to be unclear and raise additional questions. In addition, when business units fill out risk reporting forms prepared for them, important factors may be missed. Therefore, to obtain additional information and check on site its reliability and completeness, risk managers can organize inspection trips to enterprises.

The effectiveness of the inspection directly depends on the qualifications of the employees performing it. If risk managers are highly qualified and have extensive experience, they will note those important nuances that may be missed by survey respondents and other specialists performing technological operations.

Direct inspection will also make it possible to identify and clarify individual aspects of the risk management program being developed, assess the possible costs of management at a given enterprise and make recommendations for regulating risk levels.

When planning a visit to any site, it is first necessary to determine a list of tasks that must be solved during the inspection process and take into account a number of specific factors. In addition, a certain logical scheme for identifying risks should be built in such a way as to minimize the possibility of missing something significant.

One of the ways to solve this problem is to prepare special maps for each of the objects, containing a list of questions and information that needs to be clarified. During the inspection process, such cards must be completed for each facility. They determine the content and structure of the inspection, reduce the time spent on site and reduce the risk of missing something important.

In practice, inspections are carried out either unexpectedly or with advance notice.

Here is an approximate list of issues that can be resolved or clarified during the inspection process:

• - location of the facility and degree of proximity to populated areas and other industrial facilities;
• - availability and condition of fixed and working capital;
• - general characteristics and condition of particularly dangerous units;
• - description and assessment of the management system (general and financial management, marketing, accounting);
• - details of recent incidents or claims made if the equipment was insured.

After the inspection is carried out, it is necessary to document all the results in the form of a report, where for each planned task the following is indicated:

• - purpose of the survey;
• - date and place of the event;
• - a summary of the conversations held with employees;
• - obtained data and materials;
• - examination result;
• - summary.

Based on the results of the inspection, it is necessary to add clarifications to the enterprise’s general database regarding the list of equipment and identified risks, as well as develop recommendations for revising the existing level of risk and methods for regulating it. If the risks were insured, then the risk managers are obliged to immediately notify the insurers of all changes identified during the inspection that are significant to the insurance contract.

Another important risk management tool is the audit of an investment project, including the analysis of financial and management reporting. This analysis is carried out in accordance with well-established methods of financial analysis (both of enterprises and investment projects).

The role of the analysis is especially important if the project includes a financing scheme in the form of a bank loan.

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Similar documents

Causes of external and internal risks in the enterprise. Expert method of risk assessment. Features of risk management at IGK Service RUS LLC. Characteristics of risk resolution means: avoidance, retention, transfer, reduction of their degree.

course work, added 10/01/2012


Theoretical aspects of risk management. Classification of risks and their assessment. Construction of a risk map. Identification and analysis of risks in the management of a construction organization. Formation of an information risk management system in a construction organization.

course work, added 04/16/2012


The purpose of risk management in the economic sphere. Methods of socio-economic forecasting. The main causes of external and internal risks. Organization of a risk management system at the enterprise, analysis of management and employee motivation systems.

course work, added 08/08/2013


Risk management as a branch of scientific management. Basic approaches to risk classification. Possible reasons for their occurrence. Assessment of external factors affecting the activities of Kiya-1 LLC. Analysis of risk management at the enterprise and ways to reduce them.

thesis, added 09.09.2012


The concept of factor, type of risks and losses from the occurrence of risk events. Assessing the effectiveness of actions to minimize risks. Analysis of project risks, their classification and identification. Risk management using the example of shared-equity construction of a residential building.

test, added 12/03/2014


Classification and types of risks in a wholesale trade enterprise. Functioning of risk management in an organization. Assessment of the economic condition of ZAO "Alexander", identification of trends in its further development and internal mechanisms of financial stabilization.

thesis, added 12/20/2010


Systematic approach to enterprise risk management. Assessment of risks in tour operating in the Russian Federation, their classification: financial, natural, environmental, political, transport, trade. Methods of internal risk management in tourism.

course work, added 04/06/2012


course work, added 05/03/2011