Algorithm

Purpose of Program Planning

A programmer cannot write the instructions to be followed by a computer unless the programmer knows how to solve the problem manually.

To ensure that the program instructions are appropriate for the problem and in the correct sequence.

Algorithm

•The term algorithm is often used to refer to the logic of a program.

•It is a step  by step description of how to arrive at the solution of the given problem.

•It may be formally defined as a sequence of instructions.

Evaluation of a Risk Management Plan

A risk management plan can never be perfect. However, the degree of its success depends upon risk analysis, management policies, planning and activities. A well-defined management plan can be successful only if risks are properly accessed. And if not, the main objective of risk management plan itself is defeated. Critical evaluation of a risk management plan at every stage is very necessary especially at an early stage. It will allow companies to discover the flaws before it gets into the action. Once you’re through the process, you can address the issues and then introduce it.

The below mentioned steps can help in analyzing and evaluating a risk management plan:

• Problem Analysis: Keep a note of all the events and activities of a risk management plan. Check out the problems arising from their implementation and assess if they have a serious impact on the whole process. Make a note of those that have serious implications.
• Match the Outcomes of a Risk Management Plans with its Objectives: Ends justify means. Check if the possible outcomes of a risk management plan are in tandem with its pre-defined objectives. It plays a vital role in analyzing if the plan in action is perfect. If it produces desired results, it does not need to be changed. But if it fails to produce what is required can be a really serious issue. After all, an organization deploys its resources including time, money and human capital and above all, the main aim of the organization is also defeated.
• Evaluate If All the Activities in the Plan are Effective: It requires a thorough investigation of each activity of a risk management plan. Checking out the efficiency of all the activities and discovering the flaws in their implementation allow you to analyze the whole plan systematically.
• Evaluate the Business Environment: A thorough study and critical evaluation of business environment where a risk management plan is to be implemented is essential. Take time to assess, analyze and decide what exactly is required.
• Make Possible Changes in Faulty Activities: After evaluating the effectiveness and efficiency of all the activities, try to make possible changes in the action plan to get desired results. It may be very time consuming but is necessary for successful implementation of your risk management plan.
• Review the Changed Activities: After making changes in already existing activities and events of a risk management plan, go for a final review. Try to note down the possible outcomes of the changed activity and match them with the main objectives of the risk management plan. Go ahead in case they are in line with them.

Evaluating a risk management plan sometimes can be very frustrating. It is definitely a time consuming process and also requires more of human efforts. Therefore, it is always better to analyze and evaluate a plan at every stage otherwise it will result in wastage of time, finances and efforts. In order to keep a check on it, specialized teams of risk managers can be appointed. The whole event can be outsourced to a risk management firm. The professionals at the firm can help you design, develop, implement and evaluate a risk management plan for your company.

How to create a Risk Management Plan?

Any project immaterial of the size of the same carries a lot of risks, which may be financial, non-financial, legal or physical. Having an effective risk management plan is first and foremost to the success of any project. The task is to anticipate these risks well in advance before the project takes off.

A good risk management plan carries number of tools and strategies to mitigate risk. The strategy may be to avoid risk or transfer a component of it another project so that the impact is reduced.

Other risk management strategies may suggest the acceptance of the risk. This is decided after a thorough cost/benefit analysis. The risk management plan also depends on how the risks are prioritized by the organization. Based on relative priorities risks are given weight age, for example a certain organization may be more concerned about the physical and legal risks, whereas another organization may be focusing on operational or strategic risks. Risk priority defines the strategy and finally the plan.

Besides keeping the risk management cycle in mind; before the final draft, an effective risk management plan may traverse through following:

• Make a List: Before starting or deciding on anything else it is important to make a list of potential risks. Even the minutest details need to be taken care of. Something that appears a minute threat now may transform into a potential risk in the near future. This is especially true for project management. Enlist the categories of the project and then evaluate each for risks. For example there may be a cost category; determine the factors that may increase cost and make a list.
• Prioritize the Risks: Arrange the risk in order of priority. Those that need to be dealt with first are listed first. Risks are prioritized on the basis of degree of impact and the likelihood of occurrence.
• Developing and Action Plan: Plans are designed to minimize the impact of the risk and to check the occurrence. In addition, an action plan in developed against each risk i.e. in event of occurrence how do we respond to the risk, who all will be responsible and what are the contingencies.
• Human Resource Deployment: Now people are deputed at specific points with specific roles. They work in tandem with the entire team and are specially deployed to undertake planned actions in case the anticipated risks come true. These actions are to be taken at specific points in time; a timeframe is necessary.
• Communication: Finally, communication of the plan to stakeholders (both internal and external becomes necessary). Present the plan to those who are supposed to make key interventions. Explain the timeframes and the actions and the responsibilities.

The formulation of the plan is in tandem with the risk management cycle which acts as the basic guideline. Both work in sync, in fact the interventions in step 3 discussed above cannot be without a thorough understanding of the cycle.

Various Aspects of Risk Management

What does risk management mean? Is it just identification, assessment and planning and controlling social, economic or physical threat to the organization? Is the concept only about transferring the risk or reduce its negative effects?

Well, the answers for the above questions is “no”. The process of risk management is not only restricted to controlling the threats or reducing their negative effects. It is a much deeper concept that also involves risk avoiding as well as risk taking. Every work involves some or other kinds of risk. Sometimes you avoid, sometimes you control the phenomenon and sometimes you simply let it come. Same is true for the business world.

The idea behind is that there are no hard and fast rules. This means that even though we have a systematic approach to treat risk it is not necessary that this is going to help. Simply designing and implementing a risk management plan is not enough to treat risk. It depends on firm-to-firm and industry-to-industry. There are various other criteria that need to be analyzed such as internal and external environment of a company, company’s ability to develop and implement a risk management plan effectively.

There are various other issues that need to be addressed. Before you spend your time, efforts and money, see if you really require a full-fledged risk management plan to control the financial, physical or social threat to the organization. Deeply examine your requirements and need to treat the risk. Sometimes, avoiding risk is considered as the best strategy.

When you decide about a risk management plan, you need to examine thoroughly and ask yourself few questions before proceeding further. These questions act as an eye opener and provide you with the outline of what you need to do and what to look at. Read further to know what you should ask yourself while designing, developing, implementing or reviewing your risk management plan:

• Do You Actually Need a Plan: This is first and the foremost question that you need to ask yourself. Thoroughly examine the situation and decide if you actually need a risk management plan.
• Is the Plan Feasible: This is really important to checkout if the prepared risk management plan is feasible or if it is possible to bring it to life. Also check if it suits your requirements or not.
• What Are the Strengths and Weaknesses of a Risk Management Plan: Conduct a SWOT analysis and try to find out the strengths and flaws in the plan. Remove the flaw before hand so that you get desired results after implementing it.
• Does It Meet Your Objectives: The biggest requirement for a risk management plan to be successful is that it should meet your company’s objectives. Try to match the firm’s objectives with plan’s objectives.
• Analyze If Risk Needs to be Treated: Carefully examine if you can avoid the risk or not. There is no need to develop a full-fledged plan if you think you can avoid it. It is not at all necessary to treat the risk always. It depends on the severity of a situation.
• Check If a Plan is Backed By Clearly Defined Activities and Events: A risk management plan should always be backed by clearly defined activities and events otherwise it may cause problems in long run.

The golden rule for the success rule of a risk management plan is that there is no golden rule. Each firm is different and faces different types of risks in different business environments. You need to develop a unique plan for your firm to manage the risks efficiently and effectively.

Risk Identification and Assessment - HR Issues

The organizational game is changing fast these days. The HR manager today acts as an associate with line management to crack important business issues. We therefore, have the emergence of Business HR function these days.

One of the most common factors in all organizations these days is the change. This change brings with it – risk. It is therefore imperative on the part of human resource managers to be aware of these risks.

Risk managers today are increasingly one in their opinion regarding the intervention of HR in the management of risk. For good reason the HR people are partnering their skills with people in the risk management department.

But how exactly do HR people play a role in risk management? Let’s assume that there is a drop in production steadily that has come to the notice of top management. The HR manager having identified the risk i.e. the drop in productivity goes on to locate the human element of the problem. The risk may be on account of a deviation between what should be done operationally and what is being operationally.

Once the risk has been identified the HR manager approaches the line managers and their staff and questions them to assess and prioritize the risk. Finally the HR manager strategizes to deal with the risk, if need be. One of the possible interventions is offering training to the staff. This is one of the ways in which the Human resource people play a vital role in risk management.

Performance Consulting: The relationship between the HR executive and strategic and operational business managers is talked about in performance consulting. Performance consultants work in close alliance with managers and other people within the organization. Their primary task is to work alongside and gain the trust of managers i.e. promotes trust relationships among managers. These partnerships are formed between various groups in the organization like senior managers, line managers and supervisors, top leadership and subject experts. They also promote partnerships with customers and suppliers.

As we know that risk management consists of risk identification, assessment, analysis and prioritization. The HR executive plays a significant role in risk control as well. Risk avoidance is one of the ways to deal with risk. Since the HR managers intervene only in the human element of the risk. Risk control measures here would include succession planning, executive coaching and development, all this to ensure that an organization is equipped adequately to deal with the risk.

Further, in risk management the HR executive plays a vital role in identifying attributes for important positions or executives within the organization. Training, developing and coaching people within the organization so as to increase their work ownership and increasing their morale for the future positions; employee turnover is also a potential risk from HR standpoint.

Risk Management Process

There are several bodies that lay down the principles and guidelines for the process of risk management. The steps involved remain the same more or less. There are small variations involved in the cycle in different kinds of risk.

The risks involved, for example, in project management are different in comparison to the risks involved finance. This accounts for certain changes in the entire risk management process. However the ISO has laid down certain steps for the process and it is almost universally applicable to all kinds of risk. The guidelines can be applied throughout the life of any organization and a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

As per ISO 31000 (Risk Management - Principles and Guidelines on Implementation), risk management process consists of the following steps and sub-steps:

• Establishing the Context
• Identification
• Assessment

1.     Establishing the Context: Establishing the context means all the possible risks are identified and the possible ramifications are analyzed thoroughly. Various strategies are discussed and decisions are made for dealing with the risk. The break-up of various activities in this stage is as follows:

a.     Identification of a risk in one particular domain.

b.     Planning out the entire management process.

c.     Mapping the manifestations of the risk, identification of objectives of risk etc.

d.     Outlining a framework.

e.     Designing an analysis of risks involved at each stage.

f.      Deciding upon the risk solution/s.

2.     Identification: Once the context has been established successfully, the next step is identification of threats or potential risks. This identification can be at the level of the source or the problem level itself.

a.     Source analysis means that the source of risks is analyzed and appropriate mitigation measures are put in place. This risk source could be either internal or external to the system. Examples of the risk source could be employees of the company, operational inefficiency in a certain process etc.

b.     Problem analysis on the other hand means the effect rather than the cause of the risk is analyzed. For example a drop in production, threat of losing money etc!

c.     The choice of the method varies across industry, organizational culture and other factors. However some common methods of risk identification are:

d.     Taxonomy based Risk Identification: The possible risk sources are broke down, hence taxonomy. A questionnaire is made best on existent knowledge; the answers to the questions are the risk.

e.     Objective based Risk Identification: An organization or any business activity has a certain objective/s. Any activity that is deemed an obstacle in the achievement of the same is perceived as risk.

f.      Scenario based Risk Identification: Here various scenarios, which may be alternative ways to achieve an objective, are created. If an undesired scenario is created, a threat is perceived with the same.

g.     Common Risk Check: There are certain risks that are common to an industry. Each risk is listed and checked on time.

3.     Assessment: Once the risks have been identified, they are then assessed on their likelihood of occurrence and the impact. This process can be simple as in case of assessment of tangible risks and difficult like in the assessment of intangible risks. This assessment is more or less a guessing game and the best educated guess decides the success of the plan.

The industry practice or formula for arriving upon the risk is:

Frequency of occurring × Impact

Principles of Risk Management

Various organizations have laid down principles for risk management. There are risk management principles by International standardization Organization and by Project Management Body of Knowledge.

The Project management body of knowledge (PMBOK) has laid down 12 principles. This article carries an amalgamation of both PMBOK and ISO principles. The various principles are:

1.     Organizational Context: Every organization is affected to varying degrees by various factors in its environment (Political, Social, Legal, and Technological, Societal etc). For example, an organization may be immune to change in import duty whereas a different organization operating in the same industry and environment may be at a severe risk. There are also marked differences in communication channels, internal culture and risk management procedures. The risk management should therefore be able to add value and be an integral part of the organizational process.

2.     Involvement of Stakeholders: The risk management process should involve the stakeholders at each and every step of decision making. They should remain aware of even the smallest decision made. It is further in the interest of the organization to understand the role the stakeholders can play at each step.

3.     Organizational Objectives: When dealing with a risk it is important to keep the organizational objectives in mind. The risk management process should explicitly address the uncertainty. This calls for being systematic and structured and keeping the big picture in mind.

4.     Reporting: In risk management communication is the key. The authenticity of the information has to be ascertained. Decisions should be made on best available information and there should be transparency and visibility regarding the same.

5.     Roles and Responsibilities: Risk Management has to be transparent and inclusive. It should take into account the human factors and ensure that each one knows it roles at each stage of the risk management process.

6.     Support Structure: Support structure underlines the importance of the risk management team. The team members have to be dynamic, diligent and responsive to change. Each and every member should understand his intervention at each stage of the project management lifecycle.

7.     Early Warning Indicators: Keep track of early signs of a risk translating into an active problem. This is achieved through continual communication by one and all at each level. It is also important to enable and empower each to deal with the threat at his/her level.

8.     Review Cycle: Keep evaluating inputs at each step of the risk management process – Identify, assess, respond and review. The observations are markedly different in each cycle. Identify reasonable interventions and remove unnecessary ones.

9.     Supportive Culture: Brainstorm and enable a culture of questioning, discussing. This will motivate people to participate more.

10.  Continual Improvement: Be capable of improving and enhancing your risk management strategies and tactics. Use your learning’s to access the way you look at and manage ongoing risk.

Risk Management - A Basic Understanding

Literally speaking, risk management is the process of minimizing or mitigating the risk. It starts with the identification and evaluation of risk followed by optimal use of resources to monitor and minimize the same.

Risk generally results from uncertainty. In organizations this risk can come from uncertainty in the market place (demand, supply and Stock market), failure of projects, accidents, natural disasters etc. There are different tools to deal with the same depending upon the kind of risk.

Ideally in risk management, a risk prioritization process is followed in which those risks that pose the threat of great loss and have great probability of occurrence are dealt with first. Refer to table below:

IMPACT	ACTIONS
SIGNIFICANT	Considerable Management Required	Must Manage and Monitor Risks	Extensive Management essential
MODERATE	Risk are bearable to certain extent	Management effort worthwhile	Management effort required
MINOR	Accept Risks	Accept but monitor Risks	Manage and Monitor Risks
	LOW	MEDIUM	HIGH
	LIKELIHOOD

The above chart can be used to strategize in various situations. The two factors that govern the action required are the probability of occurrence and the impact of the risk. For example a condition where the impact is minor and the probability of occurrence is low, it is better to accept the risk without any interventions. A condition where the likelihood is high and the impact is significant, extensive management is required. This is how a certain priority can be established in dealing with the risk.

Apart from this, typically most of the organizations follow a risk management cycle. Refer diagram below:

According to this cycle there are four steps in the process of risk management. The first step is the assessment of risk, followed by evaluation and management of the same. The last step is measuring the impact.

Risk identification can start at the base or the surface level, in the former case the source of problems is identified. We now have two things to deal with the source and the problem.

Risk Source: The source can be either internal or external to the system. External sources are beyond control whereas internal sources can be controlled to a certain extent. For example, the amount of rainfall, weather over an airport etc!

Problem: A problem at the surface level could be the threat of accident and casualty at the plant, a fire incident etc.

When any or both of the above two are known beforehand, certain steps can be taken to deal with the same.

After the risk/s has been identified then it/they must be assessed on the potential of criticality. Here we arrive upon risk prioritization. In generic terms ‘likelihood of occurrence × impact’ is equal to risk.

This is followed by development of a risk management plan and implementation of the same. It comprises of the effective security controls and control mechanisms for mitigation of risk.

A more challenging risk to organizational effectiveness is the risk that is present but cannot be identified. For example a perpetual inefficiency in the production process accumulates over a certain period of time and translates into operational risk.