RISK ASSESSMENT MANAGEMENT

(IS-4) MIDTERM NOTES

Prepared by:

Sharmaine G. Dato, RCrim

Instructor
 Unit 3: The Risk Management Process
Introduction to Risk Management

Definition and Importance

Risk management is a systematic approach to identifying, assessing, and

managing risks to mitigate their potential impact on an organization. It is essential for
safeguarding assets, ensuring operational continuity, and achieving strategic
objectives. Effective risk management helps organizations anticipate and prepare for
potential challenges, thereby enhancing resilience and performance.

Occupational Scope

In an occupational context, risk management encompasses various aspects:

Scope Definition: Clearly defining what aspects of the organization are included in
the risk management process. This involves setting specific objectives, deliverables,
and boundaries.

Strategy Development: Crafting a strategy that outlines how risks will be managed,
including defining risk tolerance levels, developing risk mitigation measures, and
setting up monitoring processes.

Condition Assessment: Evaluating existing risk management practices, identifying

gaps, and determining areas for improvement. This assessment helps in refining the
risk management framework to better address potential threats.

Risk Management Framework

Project Scope

Defining the project scope is crucial for implementing a successful risk management
process:

Scope Definition: This involves outlining the specific objectives and deliverables of
the risk management project. For example, a project might aim to develop a
comprehensive risk management plan for a new product launch.

Strategy Development: Developing a strategy involves setting objectives, defining

risk tolerance, and establishing risk management practices. For instance, if the
organization is launching a new product, the strategy would include identifying risks
related to product development, market acceptance, and regulatory compliance.

Condition Assessment: Assessing current risk management practices involves

reviewing existing controls and identifying any weaknesses. This might include
evaluating how risks related to previous product launches were managed and
identifying lessons learned.
 Structuring the Risk Management Process

Risk Identification

Risk identification is the first step in the risk management process. It involves:

Identifying Risk Sources: Recognizing potential sources of risk, both internal (e.g.,
operational issues) and external (e.g., market fluctuations). For example, in a
construction project, internal risks might include equipment failures, while external
risks could involve adverse weather conditions.

Categorizing Risks: Grouping risks into categories such as strategic, operational,

financial, and compliance. This helps in prioritizing risks and focusing on those that
have the greatest potential impact. For instance, strategic risks might involve
changes in market dynamics, while operational risks could include supply chain
disruptions.

Tools and Techniques: Using various tools to identify risks, such as brainstorming
sessions, checklists, and risk assessment matrices. For example, a brainstorming
session might help a team identify potential risks in a new marketing campaign, while
a checklist could ensure that all regulatory compliance risks are considered.

Risk Assessment

Risk assessment involves evaluating the potential impact and likelihood of identified
risks:

Risk Analysis: Analyzing the nature of each risk to understand its potential impact.
This includes assessing both the probability of occurrence and the potential
consequences. For example, a risk analysis for a software development project might
involve evaluating the likelihood of technical failures and their impact on project
deadlines.

Risk Evaluation: Prioritizing risks based on their severity and likelihood. This helps in
focusing on high-priority risks that require immediate attention. For instance, in a
financial institution, high-priority risks might include cybersecurity threats, while
lower-priority risks could involve minor operational issues.

Risk Mapping: Developing a risk map or matrix to visualize and prioritize risks. This
tool helps in identifying high-risk areas that need to be addressed promptly. For
example, a risk map for a manufacturing plant might highlight areas with high safety
risks, allowing management to prioritize mitigation efforts.

Risk Management Planning

Effective risk management planning includes:

Developing Mitigation Strategies: Creating strategies to address identified risks. This

could involve risk avoidance (e.g., choosing a different supplier to avoid supply chain
issues), risk reduction (e.g., implementing safety measures to reduce workplace
accidents), risk sharing (e.g., purchasing insurance), or risk acceptance (e.g.,
accepting minor risks with low impact).
Resource Allocation: Allocating resources such as personnel, finances, and
technology to implement risk management strategies. For example, allocating budget
and staff to develop a contingency plan for a critical project.

Contingency Planning: Establishing contingency plans to handle potential risk

scenarios. This includes developing response plans for emergencies and conducting
regular drills to ensure preparedness. For example, a hospital might develop
contingency plans for handling a sudden influx of patients during a health crisis.

Implementation and Monitoring

Implementation

Implementing the risk management plan involves:

Action Execution: Carrying out the risk mitigation strategies as planned. This requires
ensuring that all stakeholders understand their roles and responsibilities. For
instance, in a construction project, it involves executing safety protocols and ensuring
compliance with regulatory requirements.

Training and Communication: Providing training to employees on risk management

procedures and communicating the importance of following these practices. For
example, conducting training sessions on cybersecurity best practices for IT staff.

Monitoring and Review

Continuous monitoring and review are essential for effective risk management:

Performance Monitoring: Regularly tracking the performance of risk management

strategies. This involves reviewing the effectiveness of implemented controls and
making necessary adjustments. For example, monitoring the effectiveness of a new
safety procedure in reducing workplace accidents.

Review and Update: Periodically reviewing and updating the risk management plan
based on changes in the organizational environment and emerging risks. For
instance, updating the risk management plan to address new regulatory
requirements or emerging threats.

Reporting: Maintaining documentation and reporting mechanisms to provide visibility

into risk management activities. This helps in ensuring accountability and facilitating
informed decision-making. For example, generating regular risk management reports
for senior management.

Integration with Organizational Processes

Strategic Alignment

Aligning risk management practices with organizational strategies and objectives

ensures that risk management efforts support overall business goals. This involves
integrating risk management into strategic planning processes. For example, aligning
risk management with strategic goals in a merger and acquisition process to address
potential integration challenges.
Compliance and Governance

Ensuring compliance with relevant regulations, standards, and best practices is

crucial. Establishing governance structures to oversee risk management activities
ensures adherence to policies and procedures. For example, forming a risk
management committee to oversee the implementation and effectiveness of risk
management practices.

Continuous Improvement

Adopting a culture of continuous improvement involves:

Encouraging Feedback: Soliciting feedback from employees and stakeholders to

identify areas for improvement. For instance, gathering feedback on the effectiveness
of risk management training programs.

Learning from Past Experiences: Analyzing past incidents and lessons learned to
improve risk management practices. For example, reviewing past project failures to
identify and address weaknesses in risk management processes.

Integrating Best Practices: Incorporating industry best practices and lessons learned
from other organizations to enhance risk management practices. For example,
adopting new risk assessment tools and techniques based on industry trends.

Case Studies

Case Study 1: Risk Management in the Construction Industry

In the construction industry, effective risk management is crucial due to the high
level of uncertainty and potential for safety hazards. A notable example is the
implementation of a comprehensive risk management plan by a major construction
firm to address safety risks, regulatory compliance, and project delays.

Risk Identification: The firm identified risks related to safety, including equipment
failures and accidents, as well as regulatory compliance issues and project delays.

Risk Assessment: Risks were analyzed to determine their potential impact on project
timelines and costs. High-priority risks included equipment failures and safety
incidents.

Mitigation Strategies: The firm implemented safety protocols, conducted regular

safety training, and developed contingency plans for equipment failures. They also
established a risk management committee to oversee compliance with regulations.

Outcome: The firm successfully reduced the number of safety incidents and project
delays, leading to improved project efficiency and compliance.

Case Study 2: Risk Management in Financial Institutions

 Financial institutions face significant risks related to cybersecurity, regulatory
compliance, and market fluctuations. A leading bank implemented a robust risk
management framework to address these challenges.

Risk Identification: The bank identified risks related to cybersecurity threats,

regulatory compliance, and market volatility.

Risk Assessment: Risks were assessed to determine their potential impact on

financial stability and regulatory compliance. High-priority risks included cybersecurity
breaches and regulatory penalties.

Mitigation Strategies: The bank implemented advanced cybersecurity measures,

conducted regular compliance audits, and developed strategies to manage market
risks. They also established a dedicated risk management team to monitor and
address emerging risks.

Outcome: The bank successfully mitigated cybersecurity threats, maintained

regulatory compliance, and managed market risks effectively, enhancing overall
financial stability.

Emerging Trends and Future Directions

Technological Advances

Advancements in technology are transforming risk management practices. Tools

such as artificial intelligence (AI), machine learning, and big data analytics are
enabling organizations to identify and assess risks more accurately and in real-time.

AI and Machine Learning: These technologies can analyze large volumes of data to
identify patterns and predict potential risks. For example, AI algorithms can detect
anomalies in financial transactions that may indicate fraudulent activity.

Big Data Analytics: Big data analytics allows organizations to analyze complex
datasets to identify emerging risks and trends. For instance, analyzing social media
data to detect potential reputational risks.

Regulatory Changes

Regulatory changes are continuously evolving, impacting risk management

practices. Organizations must stay updated on regulatory requirements and adjust
their risk management frameworks accordingly.

Compliance Management: Ensuring compliance with new regulations requires

continuous monitoring and updating of risk management practices. For example,
adapting to new data protection regulations such as GDPR.

Globalization and Supply Chain Risks

Globalization and complex supply chains introduce new risks related to

geopolitical events, trade disruptions, and supply chain vulnerabilities. Organizations
must develop strategies to manage these risks effectively.
Supply Chain Resilience: Building resilience in supply chains involves diversifying
suppliers, developing contingency plans, and monitoring geopolitical developments.
For example, establishing alternative suppliers to mitigate the impact of trade
disruptions.

Overall Conclusion

The risk management process is essential for organizational success and

resilience. By systematically identifying, assessing, and managing risks,
organizations can protect their assets, ensure operational continuity, and achieve
strategic objectives. A comprehensive approach to risk management, coupled with
ongoing monitoring and improvement, enhances organizational performance and
safeguards against potential threats.

Effective risk management involves integrating best practices, leveraging

technological advancements, and adapting to regulatory changes. By adopting a
proactive and structured approach to risk management, organizations can navigate
uncertainties and achieve long-term success.
 Unit 4: The four thematic area of DRRM Disaster Prevention
and Disaster Mitigation

Introduction

Disaster Risk Reduction and Management (DRRM) is essential for safeguarding

communities and ensuring their resilience against natural and man-made hazards.
Within DRRM, Disaster Prevention and Disaster Mitigation are pivotal in reducing
disaster risks and impacts. This lecture will delve into these concepts, examining
various tools and strategies, and will focus on the specific approaches adopted in the
Philippines.

I. Disaster Prevention

A. Definition and Importance

Disaster Prevention involves actions and strategies designed to avert the

occurrence of disasters or to prevent their escalation. It aims to eliminate or reduce
the causes of disasters through proactive measures. By focusing on prevention,
communities can significantly lower their risk profiles and avoid the human,
economic, and environmental costs associated with disasters.

B. Disaster Prevention Tools

Early Warning Systems

 Definition: Early Warning Systems (EWS) are designed to provide advance

notice of impending hazards, allowing individuals and communities to take
protective actions.

 Components: EWS typically include hazard monitoring, data collection, risk

assessment, communication systems, and public education.

 Philippine Example: The Philippine Atmospheric, Geophysical, and Astronomical

Services Administration (PAGASA) operates the nationwide Early Warning
System for weather-related hazards. It provides timely updates on typhoons,
floods, and other meteorological phenomena through various media and mobile
applications.

Land Use Planning

 Definition: Land use planning involves organizing land resources to minimize

risks by avoiding hazardous areas and promoting safe land use practices.

 Components: Zoning regulations, land-use maps, and development guidelines.

 Philippine Example: The Philippine government has integrated disaster risk

reduction into the National Building Code and land use plans. Local government
units (LGUs) are required to prepare and implement Comprehensive Land Use
Plans (CLUPs) that consider disaster risks.
Building Codes and Standards

 Definition: Building codes and standards are regulations that ensure structures
are designed and built to withstand specific hazards.

 Components: Structural design requirements, material specifications, and safety

measures.

 Philippine Example: The National Building Code of the Philippines (NBCP)

includes provisions for earthquake-resistant design and construction standards,
particularly in high-risk areas.

Public Education and Awareness

 Definition: Public education and awareness involve informing the community

about disaster risks and preventive measures.

 Components: Educational campaigns, drills, workshops, and community

outreach programs.

 Philippine Example: The Department of Education (DepEd) conducts disaster

preparedness programs in schools, including drills and educational materials to
teach students about safety measures.

Infrastructure Maintenance

 Definition: Infrastructure maintenance ensures that critical infrastructure, such as

dams, bridges, and flood control systems, remains functional and resilient.

 Components: Regular inspections, repairs, and upgrades.

 Philippine Example: The Department of Public Works and Highways (DPWH)

oversees the maintenance and improvement of flood control infrastructure, such
as river embankments and drainage systems.

C. Case Studies and Examples

 Japan’s Tsunami Warning System Japan’s sophisticated tsunami warning

system involves a network of seismographs, ocean buoys, and coastal sensors.
This system has been instrumental in providing early warnings and minimizing
casualties during tsunami events.

 Netherlands' Flood Defense System The Netherlands employs an advanced

flood defense system, including sea dikes, storm surge barriers, and innovative
flood management techniques. This system has successfully protected the
country from severe flooding despite its low-lying geography.
 II. Disaster Mitigation

A. Definition and Importance

Disaster Mitigation focuses on reducing the severity and impact of disasters

through proactive measures and strategies. While prevention aims to stop disasters
from happening, mitigation seeks to lessen the damage when disasters occur, thus
enhancing community resilience and facilitating recovery.

B. Kinds of Mitigation Measures

Structural Mitigation

 Definition: Structural mitigation involves physical modifications to buildings and

infrastructure to make them more resistant to hazards.

 Components: Reinforced construction, seismic retrofitting, flood barriers, and

storm-resistant designs.

 Philippine Example: The Metro Manila Earthquake Impact Reduction Study

(MMEIRS) has led to retrofitting initiatives and improved construction practices in
earthquake-prone areas.

Non-Structural Mitigation

 Definition: Non-structural mitigation includes policy, planning, and organizational

measures that reduce disaster risks.

 Components: Land use policies, building regulations, and community

preparedness programs.

 Philippine Example: The Philippine Disaster Risk Reduction and Management

Act of 2010 (Republic Act No. 10121) mandates the integration of disaster risk
reduction into local development plans and emphasizes community-based
disaster risk management.

Natural Hazard Mitigation

 Definition: This involves using natural processes and ecosystems to reduce the
impacts of hazards.

 Components: Ecosystem conservation, reforestation, and wetland restoration.

 Philippine Example: The “National Greening Program” aims to reforest denuded

areas to enhance natural disaster resilience, such as reducing landslide risks
and improving flood management.

Community-Based Mitigation

 Definition: Community-based mitigation empowers local communities to

participate in identifying risks and implementing mitigation strategies.
 Components: Local risk assessments, community action plans, and capacity-
building initiatives.

 Philippine Example: The Barangay Disaster Risk Reduction and Management

Committees (BDRRMCs) are instrumental in local disaster planning and
response, ensuring that mitigation measures are contextually appropriate and
effective.

Technological Mitigation

 Definition: Technological mitigation involves the application of technology to

enhance disaster resilience and reduce impacts.

 Components: Geographic Information Systems (GIS), remote sensing, and

advanced materials.

 Philippine Example: The “Project NOAH” (Nationwide Operational Assessment

of Hazards) utilizes GIS and remote sensing technologies to assess and map
hazards, providing valuable data for disaster risk reduction.

C. Case Studies and Examples

 San Francisco’s Earthquake Retrofitting Program In response to the 1989 Loma

Prieta earthquake, San Francisco implemented a comprehensive retrofitting
program for its buildings and infrastructure, significantly enhancing the city’s
earthquake resilience.

 Bangladesh’s Cyclone Preparedness Program Bangladesh’s program includes

early warning systems, cyclone shelters, and community training. This integrated
approach has markedly reduced cyclone-related casualties and damage.

III. Philippine Strategies in Disaster Prevention and Mitigation

A. National and Local Strategies

National Disaster Risk Reduction and Management Council (NDRRMC) The

NDRRMC coordinates disaster risk reduction and management efforts at the national
level. It formulates policies, plans, and programs to enhance disaster resilience.

Philippine Atmospheric, Geophysical, and Astronomical Services Administration

(PAGASA) PAGASA provides weather forecasts, early warnings, and climate
information critical for disaster prevention and mitigation.

Department of Public Works and Highways (DPWH) DPWH is responsible for

maintaining and improving infrastructure, including flood control systems and roads,
to mitigate disaster impacts.

Local Government Units (LGUs) LGUs are key players in implementing disaster
risk reduction measures, including local planning, community-based programs, and
infrastructure maintenance.
 Community-Based Disaster Risk Reduction and Management (CBDRRM)
CBDRRM emphasizes local participation in disaster risk management, empowering
communities to address their specific risks and vulnerabilities.

B. Challenges and Opportunities

Challenges

 Limited Resources: Many areas face constraints in terms of financial and

technical resources for implementing effective disaster prevention and mitigation
measures.

 Geographic and Environmental Factors: The Philippines’ archipelagic nature and

susceptibility to natural hazards pose significant challenges for comprehensive
disaster risk management.

Opportunities

 Technological Advancements: Leveraging new technologies and innovations can

enhance disaster prevention and mitigation efforts.

 Community Engagement: Strengthening community involvement in disaster risk

management can lead to more effective and sustainable outcomes.

Overall Conclusion

Disaster Prevention and Disaster Mitigation are fundamental components of

effective Disaster Risk Reduction and Management. By understanding and
implementing tools and strategies for prevention and mitigation, communities can
enhance their resilience and reduce the adverse impacts of disasters. In the
Philippines, national and local strategies reflect a commitment to integrating these
principles into everyday practices, although challenges remain. Continued efforts to
innovate and engage communities will be essential for achieving greater disaster
resilience.
References

 ISO 31000:2018. Risk Management – Guidelines. International Organization for

Standardization. Available at: https://www.iso.org/standard/65694.html

 Chapman, C., & Ward, S. (2011). Managing Risk in Projects. Routledge.

 Hillson, D. (2017). The Risk Management Handbook: A Practical Guide to

Managing the Multiple Dimensions of Risk. Kogan Page Publishers.

 Tannenbaum, S., & Schmidt, W. (1973). How to Choose a Leadership Pattern.

Harvard Business Review.

 O’Regan, N., & Ghobadian, A. (2004). High Performance Work Systems and
Firm Performance. International Journal of Human Resource Management,
15(3), 408-425.

 Bernstein, P. L. (1996). Against the Gods: The Remarkable Story of Risk. Wiley.

 Aven, T. (2015). Risk Analysis: Assessing Uncertainties Beyond Expected

Values and Probabilities. Wiley.

 Lam, J. (2014). Enterprise Risk Management: From Incentives to Controls.

Wiley.

 Hallowell, M. R., & Gambatese, J. A. (2010). Qualitative Research on

Construction Safety: Theoretical and Methodological Considerations.
Construction Management and Economics, 28(10), 1077-1087.

 Waring, M., & Kearney, A. (2005). Risk Management in the Modern Enterprise.
Cambridge University Press.

 Jorion, P. (2007). Value at Risk: The New Benchmark for Managing Financial
Risk. McGraw-Hill.

 McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative Risk Management:
Concepts, Techniques, and Tools. Princeton University Press.

 Kramer, R., & Newton, R. (2010). Enterprise Risk Management: A Guide for
Government Professionals. Wiley.

 Elickson, R., & Simeon, M. (2018). Risk Management in Healthcare Institutions:

A Comprehensive Guide. Routledge.

 Young, P. (2014). Risk Management: A Practical Guide to Managing the Multiple

Dimensions of Risk. Wiley.

 Palazzo, G., & Scherer, L. (2018). Corporate Social Responsibility and Risk
Management. Springer.

 Sobel, J., & Rapoport, A. (2014). Strategic Risk Management: A Practical Guide
to Managing the Multiple Dimensions of Risk. Wiley.

 Miller, K. D. (2008). Risk and Rationality: The Theory and Practice of Risk
Management. Routledge.

 Srinivasan, S. (2017). Managing Risk in Emerging Markets: Principles and

Practice. Palgrave Macmillan.
 Grimsey, D., & Lewis, M. K. (2002). Evaluating the Risks and Benefits of Public-
Private Partnerships in Infrastructure Projects. Cambridge University Press.

 National Disaster Risk Reduction and Management Council (NDRRMC). (2023).

Disaster Risk Reduction and Management. Retrieved from
https://www.ndrrmc.gov.ph/

 Philippine Atmospheric, Geophysical, and Astronomical Services Administration

(PAGASA). (2022). Early Warning Systems. Retrieved from
https://www.pagasa.dost.gov.ph/

 Department of Public Works and Highways (DPWH). (2021). Infrastructure and

Flood Control. Retrieved from https://www.dpwh.gov.ph/

 Barangay Disaster Risk Reduction and Management Committees (BDRRMCs).

(2021). Community-Based Disaster Risk Management. Retrieved from
https://www.drrm.ph/

 Department of Education (DepEd). (2020). Disaster Preparedness in Schools.

Retrieved from https://www.deped.gov.ph/

 National Greening Program. (2022). Forest Restoration and Management.

Retrieved from https://www.denr.gov.ph/

 Project NOAH. (2021). Nationwide Operational Assessment of Hazards.

Retrieved from https://www.projectnoah.ph/

 United Nations Office for Disaster Risk Reduction (UNDRR). (2022). Disaster
Risk Reduction Strategies. Retrieved from https://www.undrr.org/