风险管理[外文翻译]

外文翻译

Risk Management

Material Source: Springer Series in Reliability Engineering, 2010, Risks in Technological Systems, Pages 175-198 Author: Terje Aven This chapter reviews and discusses the basic issues and principles of risk management, including:

●Risk acceptability(tolerability)

●Risk reduction and the ALARP principle

●Cautionary and precautionary principles

and presents a case study showing the importance of these issues and principles in a practical management context. Before we take a closer look, let us briefly address some basic features of risk management.

Overview of Risk Management

The purpose of risk management is to ensure that adequate measures are taken to protect people, the environment, and assets from possible harmful consequences of the activities being undertaken, as well as to balance different concerns, in particular risks and costs. Risk management includes measures both to avoid the hazards and to reduce their potential harm. Traditionally, in industries such as nuclear, oil and gas risk management was based on a prescriptive regulating regime, in which detailed requirements were set with regard to the design and operation of the arrangements. This regime has gradually been replaced by a more goal-oriented regime, putting emphasis on what to achieve rather than on the means of achieving it.

Risk management is an integral aspect of a goal-oriented regime (Figure 12.1). It is acknowledged that risk cannot be eliminated but must be managed. There is nowadays an enormous drive and enthusiasm in various industries and in society as a whole to implement risk management in organizations. There are high expectations that risk management is the proper framework through which to achieve high levels of performance.

Risk management involves achieving an appropriate balance between realizing opportunities for gain and minimizing losses. It is an integral part of good management practice and an essential element of good corporate governance. It is an iterative process consisting of steps that, when undertaken in sequence, can lead to a continuous improvement in decision-making and facilitate a continuous improvement in performance.

To support decision-making regarding design and operation, risk analyses are carried out.

They include the identification of hazards and threats, cause analyses, consequence analyses, and risk descriptions. The results are then evaluated. The totality of the analyses and the evaluations are referred to as risk assessments. Risk assessment is followed by risk treatment, which is a process involving the development and implementation of measures to modify the risk, including measures designed to avoid, reduce (“optimize”),transfer, or retain the risk. Risk transfer means sharing with another party the benefit or loss associated with a risk. It is typically effected through insurance. Risk management covers all coordinated activities in the direction and control of an organization with regard to risk. This terminology is in line with ISO/IEC Guide 73(2002).

Figure plex industrial activities require systematic Risk Management. Here a view of the Mexican Oil Refinery Francisco I Madero. (Photo: Adalberto Ríos Szalay/AGE/Scanpix) In many enterprises, the risk management tasks are divided into three main categories: strategic risk, financial risk, and operational risk. Strategic risk includes aspects and factors that are important for the enterprise’s long-term strategy and plans, for example mergers and acquisitions, technology, competition, political conditions, legislation and regulations, and labor market. Financial risk includes the enterprise’s financial situation, and includes:

●Market risk, associated with the costs of goods and services, foreign exchange

rates and securities (shares, bonds, etc.)

●Credit risk, associated with a debtor’s failure to meet its obligations in accordance

with agreed terms

●Liquidity risk, reflecting lack of access to cash; the difficulty of selling an asset in

a timely manner

Operational risk is related to conditions affecting the normal operating situation:

●Accidental events, including failures and defects, quality deviations, natural

disasters

●Intended acts; sabotage, disgruntled employees, etc.

●Loss of competence, key personnel

●Legal circumstances, associated for instance, with defective contracts and liability

insurance

For an enterprise to become successful in its implementation of risk management, top management needs to be involved, and activities must be put into effect on many levels. Some important points to ensure success are (Aven 2008a):

●The establishment of a strategy for risk management, i.e., the principles of how

the enterprise defines and implements risk management. Should one simply follow the regulatory requirements (minimal requirements), or should one be the “best in the class”?