Process of Risk Management

Discuss About The Faculty Engineering And Industrial Science.

Pro-active risk managementrefers to identifying threats and taking safety measures before the risks occur (Bender, 2004). The difficulties are dealt with in advance by devising business strategies aimed at lofty goals and at the same time taking all the necessary precautions in risk mitigation. For example, installing a burglar proof system in a house rather than running the risk of losing personal assets to burglaries. Reactive risk management is a response based response which involves taking action after the risk occurs or a problem is identified after an audit, responding immediately to safety events, for example, fire-fighting after a fire outbreak.

Identify the risk- This step describes, uncovers and recognizes the risk. A Project Risk Register is then prepared. The Risk Register is a document that helps track problems as they arise making it possible to do pro-active risk management to mitigate the risks. This may also happen after occurrence of a risk and reactive measures taken to contain it.

Understanding the risk significance- Amount of loss that could be incurred in case of occurrence of the risk is evaluated under this step. This is significant as the amount and kind of investment to be made in pro-active measures is decided after significance consideration. Low loss risks will tend to receive lesser attention than high profile ones. For example, between maintenance of office stationary and installation of a fire control system, the former will need more resources.

Prioritizing risks- The risks are analyzed and classified according to potential impact and the amount of attention that each deserves is determined. The ones that require immediate attention are taken care of first and the others reserved for a later time.

Owning the risks- This involves assigning individuals to oversee the entire process of the risk mitigation as per priority. The assigned individuals will always be on watch-out and in case of occurrence of the risk, be at the forefront in containment exercise. Safety drills that relate to their assigned risks will be led by them at all times. Risk mitigation is therefore institutionalized.

Responding to the risks- Involves coming up with measures aimed at mitigating the impact of the risk that has occurred. If the risk is new, that is, if it is not included in the risk register and has never occurred before, reactive measures are taken to curb it, after which pro-active measures are put in place to prevent damage in case it happens again.

Sources of Risks in an Organization

Recognizing risk control measures available- Includes understanding and applying the right insurance cover for the risk. A statement is made, stating the process-oriented measures in place, to be applied in case of occurrence of the risk. This is well detailed, with the roles of every player clearly defined so as to make it easy to deal with occurrence of the risk.

Risk’s control improvement possibilities evaluation- Any improvements on the measures put in place is evaluated after putting into consideration financial, legal and moral issues. Loop holes that could give the insurance company an allowance to file a negligence suit to avoid compensation of damages are evaluated and sorted out. The activities of the company are also regularly checked and ensured to be in line with the surrounding community’s moral values.

Monitoring results- After a proper response to the risk, the task now is to regularly track the progress of the project as per the response adopted to ensure that all is well. A graph can be kept to keep tabs on the frequency of occurrence of the risk and help evaluate the pro-active measures put in place. If they are effective, they are left in operation. If they are not, improvements are made, or new systems altogether introduced.

Reviewing the process-The whole process undertaken is reviewed so as to establish whether it was satisfactory or not according to the results. This helps the company make plans for the future, mostly involving investment in a better risk management system, or if the current one is satisfactory, such investment can be directed elsewhere.

Internal environment- The trade that the organization deals in is the first source of its risks. For instance, a company dealing in manufacture and storage of hydrochloric acid risks extensive damages in case of explosions and resulting fire.

Employee motivation is also an internal environment factor that could pose risks to the company. If they are not well remunerated for their hard work, they may end up selling the company trade secrets to rival firms.

Organization and operational structure could also pose a risk internally. If there is no coordination among the top officials when working, then the company may not hold for long until it faces dissolution.

Innovation is important as it helps the company keep in competition with other rival firms. If a firm does not improve its products over time, it may easily become obsolete.

Importance of Maintaining a Risk Register

External environment- Factors like competition may compel a company to engage in certain measures, in an attempt to cope with intense competition, thereby risking the very existence of the company. This may involve reducing the prices of its products so as to attract customers, which can have positive or more likely, negative impacts.

Government policy (as an external business environment)- Sometimes a government can pass a policy that can kick a company out of business, especially if its operations are rendered illegal under the new laws passed. Certain regulations may also force the company to stop certain operations which may eventually translate to reduction of profit margins and losses.

The company’s legal environment may be a source of risks to the firm. The company should be flexible and easily adapt to changing regulations, else it will fall prey to law suits and get itself in settlement meetings that could bankrupt it.

A Risk register is a document created in the preliminary steps of risk management to identify certain risks as they occur, and other risks as a result of these initial risks, making it possible to make effective pro-active measures. The contents are a disparate collection including:

1. Description of risks- Within the project risk register, each risk that had been identified as a potential threat to the business is clearly defined.
2. Risk triggers- The register lists all the forces that could bring about occurrence of the risk in question. All employees are informed about all these triggers so as to be co-watchdogs with the rest of the experts assigned to check on these risks. If a certain amount of capital owned by the firm could make it go bankrupt, then everyone is motivated to work hard to ensure that that level is never reached.

• Steps to mitigate the risks- This encompasses insurance covers, installation of safety systems e.g., fire systems, security cameras and alarms. It also includes the conduct of the whole body of employees in case of occurrence of a risk such as a fire. Clear passage ways are created, and necessary indications made using posters, to allow for orderly evacuation and to allow for the installed systems to perform their duty.

1. Impact of the risks- The register also includes the kind of damage to be expected in case of occurrence of the risk. Hence, it helps in putting in place measures to ensure that the high loss risks never occur. Early planning is also made just in case the risk occurs, to allow for normal business operations. For example, if a company deals in highly flammable products, then investment in insurance against damages and losses due to fire is done. In case of a fire, which could burn down the entire premises, the firm is still covered and will not lose much.
2. Likelihood or probability of the risk occurring- Likelihood and frequency of occurrence of the risk is indicated. As a result, the firm is always ready to put in immediate counter-measures in case pro-active measures fail to mitigate the risk. Occurrence of the risk will never take the business by surprise. For instance, if the premises get flooded during the rainy seasons, then effective drainage systems are put in place to take care of the problem. If the drainage system fails, the firm will have already invested in water pumps and outside drainage systems to help the overwhelmed internal drainage systems.
3. Risk matrix score of the risk- This score will determine whether the risk is low-loss or high-loss. In case of the latter, safety investment is channeled elsewhere whereas if the former is the case, it will receive more attention in terms of investment.

• Risks left after mitigation/ The residual risk- After mitigation of a risk, there are normally small other risks that result. They are called residual risks. For instance, if a major fire occurs, there are fumes which still hang in the air and are just as dangerous as the fire when inhaled. The register therefore keeps an account of all these residual risks and the company puts in measures to take care of such residual risks that is, buying nose and mouth covers for employees.
• The ownership of the risk- In the register is included a list of employees entrusted with the responsibility of being on the watch-out for specific risks, and being on the forefront in mitigating them in case they occur.

1. The risk identification- Each risk is assigned a unique identification. This serves both in easy identification in case of occurrence, and making the employees get used to them in a positive manner. Employees will take certain occurrences as normal happenings and continue with their work.
2. The acceptable probability after treatment- After a risk occurrence has been taken care of, there is still the probability of the risk occurring again, acceptable probability after treatment. Such information is important as counter measures are put in place to take care of the smallest occurrence of such risks. For instance, when hiring staff, the company should make every one sign a declaration of non-disclosure, so that any secrets of the company stays within the company. And any risk of a laid off employee using such information in a court of law to attack the company becomes illegal.

(e) Distinction between operational and general risks is of significance during compensation by the insurance company after occurrence of a risk. Operational risks are those that affect direct operations of the business, for instance, death of a senior officer within the organization, or damage to earlier-on active physical assets. General risks include losses due to natural disasters e.g., earthquakes, floods, tornadoes etc. If the terms of a risk are not well defined in relation to whether they are general or operational, the insurance company could be legally allowed to refuse compensation, which would be a tragedy to the establishment.

(f)  A risk is under successful control if the feedback, after application of Risk Management System, is (or towards) what was expected. Risk perception analysis can also be drawn, and frequency of occurrence of the risk over time evaluated, according to Rowe. If the frequency reduces significantly, then this means that the risk is under successful control. On the other hand, if occurrence of risk stagnates or increases in frequency, then the control measures have failed and re-evaluation needs to be done to make new and better pro-active risk measures.

The system can be influenced in such a way that occurrence of the risk is mimicked. Response of the system to the introduced risk will confirm whether it is strong enough to curb such-like risks in the future. For instance, testing the security system of a firm for backdoors, or testing the protection circuits, distance relays, differential relays etc. of a transformer in an electrical substation.

(g) Systemic risk control covers a wider jurisdiction, encompassing the whole industry. It involves all the values and practices coordinated and shared among firms in, or related to the industry within which the risk of interest exists. These include inflation, regional political stability, trade restrictions among countries etc. Attributes helping in managing the risk are built into the way the community works. A Risk Management System on the other hand is company-based, with a smaller jurisdiction, and is the mechanism the company uses to manage risks within it. It covers risks that are within the grasp and control of the company.

(h) Content of a Risk Management System could as well be described in the context of Risk Management Process, which involves identifying the risk, understanding its implication and deciding what to do. Content therefore include:

1. Register or Inventory of Risks- This is a list of all the risks that have been identified, which are likely to affect the organization.
2. Adequacy of control measures records- Step by step measures in controlling every risk in case of occurrence is stated including insurance against each risk. The short-comings of the control measures and counter-measures to take in case of failure are also stated.
3. Requirement of organization for maintenance of set control measures- A statement of routine checks, testing and maintenance of security measures put in place to manage occurrence of risks is stated.
5. Why a competent management team would prefer to operate with lower loss and risk costs and with higher risk control costs

It is only logical for a team to invest less in risk control with the perception that the probability of the risk occurring is negligible. Money is saved in the process, though still at a risk of losing even more than they would have in case of occurrence of the risk, if better and costlier control measures were put in place.

A reliable risk management system, though costly and maybe reducing the profit margins of the business, will ensure smooth running of operations (Hubbard, 2009). The organization does not need to worry about losses that it could incur in case of occurrence of the risk. If a manufacturing company decides to install a fire system without insurance for damages in case of fire, it could still survive, though operating in the catastrophe area without knowing it, owing its weak system to the probabilistic nature of risks. However, if a fire breaks out, and the fire system fails to put it out, then that’s the end for this company.

The case is different for a company that spends on installing a reliable fire system, and better still insuring the company for losses and damages in case of fire. Though more expensive than the latter, the organization is at peace with itself, with surety of compensation in case of losses resulting from a fire.

RRC power solutions is a Germany-based company dealing in manufacture of custom batteries for all sorts of electronics, from military to personal gadgets. Total Cost of Risk is the sum of the investment made in risk control and the losses incurred in the process. RRC initially invested in protective clothing for the engineers working at their production sites. A single suit costs close to $100 on the lower scale. When it started its own production, the company had 25 engineers working at their production site in Homburg. This means that they spent $2500 in protective clothing alone. Including insurance, fire system installation and safe storage of chemicals used, their risk control in the first quarter of their first year of operation was $70,000.

Despite all that was spent in risk control, the high demand for custom batteries and its first government contract to build long lasting batteries to be used in military operations brought in profit, that covered all that was spent. The need to expand had them investing more in building a bigger premise, better safety systems and more advanced protective clothing for its employees. Actual figures are not provided, but the profits reduced.

An incident occurred in 2013 when there was an explosion in one of their labs, during a test for a new battery technology for E-bikes. The fire system was overwhelmed and a section of the lab was badly damaged, destroying most of the research and two employees were also badly burned while trying to save their research. The insurance company initially filed a suit of negligence but later dropped it on accounts of circumstantial evidence which cannot be legally used to prevent compensation. The company was compensated by insurance for the damages, but delays in coming up with a more efficient battery for the bikes still cost them a lot of money. The damaged models had to be recreated and improved to meet the demand of the ever growing customer base. The insurance company never paid for the money spent and lost on research, and losses due to business stoppage after the fire and during investigation.

There are two broad classifications of risks, systemic and unsystemic risks. The latter is inherent to the whole market, affecting a large number of assets. It is very unpredictable and impossible to avoid. The former is company-based, affecting only a small number of assets and is sometimes predictable thus can be avoided.

Interest rate risk is a systemic risk that involves fluctuation of interest rates on investment’s value, in a spread between two defined rates, in any interest rate relationship including the yield curve. These changes affect securities adversely but are possible to reduce through hedging i.e., interest rate swap or diversification i.e., fixed-income securities investment.

Economic growth- In the mortgage market, for instance, when people borrow money to buy houses, the banks lend them. The banks get this money from their own depositors. If a bank pays 3% interest on a four year GIC, and 6% on a four-year mortgage, the bank makes 3% Net Interest Margin. In the case of demand for mortgage borrowing going up, and if the bank doesn’t have enough funds to lend all borrowers, then it raises its GIC rate to attract retail funds or issue bonds. The funding may sometimes be hard to come by, and the banks are forced to increase their mortgage rates to reduce the number of people borrowing. This in effect cuts across all other financial institutions and all rates increase.

1. Monetary Policy- All central banks alter supply of money into the economy to control inflation and also try to manage the respective countries’ economy. To increase money supply, central banks deposit their money into their accounts in commercial banks. This causes a reduction in interest rates. However, if it takes money from the economy, or holds its reserve, interest rates go up. Since businesses are not given a heads-up on when supply goes up or down, they either earn profits or incur losses.

• Inflation- When investing, an investor needs to maintain or increase his or her purchasing power. Therefore, in case of an inflation, the investor will want to lend money at a high interest rate for the longest time possible. For instance, during the inflation in the mid-1980s, lenders charged very high interest rates so as to offset the levels of inflation and make profit.

1. Fiscal Policy- This refers to the way in which governments spend money to finance their activities. High levels of government borrowing and expenditure leads to “crowding-out” effect making it difficult for companies to borrow from lending institutions. Interest rates automatically increase.
2. Variability- The risk cannot be predicted, just like many other risks, due to uncertainty of future occurrences. There is always a difference in what happens to what is expected to happen, bringing in the element of surprise. The government can pass a policy of reducing interest rates on loans given by banks. This affects interest rates on all securities and assets attached to the banks, and by extension, to other establishments.

• Timing difference- Banks and other financial intermediaries sometimes have timing differences in repricing of bank assets and maturity of fixed rates, liabilities etc. Such mismatches can expose a bank to unexpected fluctuations as interest rates will vary. A bank that did a short-term deposit and funded a long-term loan faces a decline in the two if interest rates increase. The declines come about because cash flow on the long-term loan are fixed all through its lifetime, while interest paid on the funding varies, and only increases after short –term deposit has matured.

• Imperfection correlation (during adjustment of rates)- This involves rates paid on instruments with similar repricing features. Differences arising from changing the rates brings about cash-flow changes that are properly spread between assets and liabilities of the same repricing frequencies. This therefore links basis risk to interest rate risk.
• Repricing mismatches- These expose banks to changes in shape and slope of the yield curve. Unanticipated shifts in this curve will have adverse effects on banks’ income or worse still, underlying economic damages. For example, an underlying economic value of long-term position in a 20-year bond hedged by a similar short position 10-year notes could reduce sharply in case the yield curve steepens, even if that position is well hedged against parallel shifts in the curve. This links Interest rates risk to yield curve risk

Options embedded in many bank assets, OBS portfolios and liabilities are an increasingly and additionally relevant source of interest rate risk. An option provides its holder with the right (not obligation) to buy, sell or alter cash flow of a financial contract or an instrument. Options may be over-the-counter(OTC) contracts, exchange-traded options or embedded within standard instruments. Banks use OTC or exchange-traded options in trading and non-trading transactions.

 They include notes and bonds with put and call provisions, many kinds of non-maturity instruments of deposit which give those who deposit the right to withdraw money at any time, often with zero penalties, and loans which give debtors the right to prepay balances.  If this is not managed adequately, the asymmetrical payoff feature of instruments with optionality characteristic will pose a significant risk, specifically to those who sell them. This is because the options held, either embedded or explicit, are exercised to the holder’s advantage and the seller’s disadvantage. Any increasing array of options can give one significant leverage which can increase the options positions’ influence on the firm’s financial condition.

A risk matrix is a simple table used when doing risk assessment to define extent of risk by examining the group of probability or likelihood versus the category of severity of consequence. From the table, the occurrence of the interest rate risk is of likelihood C “moderate” and is of consequence 4 “major”.

The above risk matrix is of Australian standards. A risk is evaluated basing on how likely it can occur (Likelihood), and the level of damage it can cause (Consequence). Choice on likelihood of occurrence of risk is based on history of occurrence of the risk and personal judgement, and so does consequence. Likelihood of occurrence of interest rate risk is “moderate” and has “major consequences”. Likelihood of occurrence of this risk depends on government policies majorly. When issuing bonds, interest rates go up to attract banks and other investors. This can happen at least thrice in a year with major consequences to financial institutions especially those that offer banking services. When the government reduces flow of money to the public through the Central Bank, interest rates on loans rise, and few people and institutions take these loans. The consequence on corporate banks is massive as profit margins reduce significantly.

Therefore, I picked these scores due to their propensity in effecting huge changes in profit and loss margins to banking businesses.

Matrices are used during risk assessment to rank risks and therefore propose counter measures, evaluate the level of risk associated with an identified hazard and to re-assess a risk in demonstrating the effectiveness of control measures. It provides a platform on which people can come up with a relationship between likelihood and consequence, which are considered to be the two major elements of risk. A matrix reduces the continuum of risk into classifiable bands i.e., low, medium or high, which are often allocated colors, red for the most extreme hazard, and green for the low risk hazard.

Viner’s paper proposes a risk to be a function of frequency and consequence i.e.,

Multiplication of the two elements gives a quantitative basis for analysis of risks, but is not widely used, as risk matrices are based on statement arguments and personal judgement on issues. Such multiplication produces lines of equal magnitude of risks which cannot be modelled accurately hence, increasing errors in risk assessment using matrices. They are also not widely understood, therefore not used much internationally. According to Cowley, assessing risks using Risk Matrix is normally inaccurate  of the time. Bias and subjectivity by users has made this method highly untrusted. Individuals have been found to systematically misperceive risk. There is also very limited research showing if matrices assist in making decisions related to risks.

Figure 1 Example of a two dimensional risk matrix

Cowley’s paper concentrates on risks associated with workplace safety and health, questioning the basis of reliance on matrices for decision making on risk-based events.

There are matrices that have been developed for specific applications within the OHS (Occupational health and safety) domain. Using different matrices for different risks could lead to a mismatch in descriptors of likelihood and consequence leading to errors in risk analysis.

At the intersection of a raw and a column, the cells arrived at represents the likelihood and consequence of a risk at that point, which is treated as a score. Boundaries between cells therefore show that each of the cells is categorical, rather than a simple position on the risk continuum. If the function  is plotted, then points with equal risks form curves of the form   as shown

Figure 2 Lines of equal risk of the function

These lines are not aligned with the boundaries or the cells. They instead asymmetrically bisect the cells. Therefore, estimation of lines of equal risks becomes ambiguous and changing the number of rows or grid line positions does not solve the problem. Categorization of risk that results from using such a risk matrix could lead to over or under-estimation of the risk. For estimation purposes, the value of the cells is rounded up to the highest values, considering those on the high level of risk side. The low risk ones are rounded off to the lowest value. Thus, an approximate assessment is made. Rounding up is sometimes however, less useful when the lowest column and row are put into consideration. They will always have low data points whichever the level chosen.

Another fundamental purpose of the risk matrix is its ability to rank all risks and corrective actions in their order of priority. However, this cannot be guaranteed.

Cox, a risk analyst, says that for a risk matrix to be considered logical, points in a high risk group should have greater values than those in the lower category. Small likelihood or severity increases should not move directly from a low to a high point without an intermediary group.

He argues that quantitative risks in a group or category should have the same rating qualitatively.  

Risks already assessed to be of high likelihood but of low consequence, hence ‘low risk’ should not be given much attention by the organization as compared to the others.

With the bias associated with assessment of risk using risk matrices, Health and Safety Executive in the UK has published materials bypassing risk assessment step of risk management by identifying these risks and simply making decisions on how to handle them.

Lack of specifications for designing and interpreting risk matrices have made it almost impossible to come up with accurate results in risk assessment. All these weaknesses in risk matrices are further consolidated by human bias, as assessment is solely based on one’s judgement which may be influenced by personal experiences, ideologies etc. 

While taxiing his air force jet on the run-way, a pilot gets ejected from his safety rocket seat (SAF), lands on the run-way and dies due to impact injuries.

While taxiing, he may have accidentally pulled his ejection seat’s handle, hurling him off the plane prematurely leading to his death.

The seat may have had mechanical problems, like in the case of Lt Sean Cunningham of Royal Air force whose rocket seat failed to deploy its parachute after detaching from his disabled airplane.

The seat was launched. The event study is therefore centered on events that could have caused the accidental launch.

An electrical fault in the ejection seat handle may have had a short circuit, and its fuse protection failed. This would have then sent an electrical pulse signal to thrusters to unlock the hatch, rotate it out of the airplane’s body to the airstream. Installed on the back of seats are the pitot tubes that sense aerodynamic pressure around the craft to get its speed. The information is then to the processing unit which the gauges the proper altitude to eject the seat.

Launch initiation happens at different times due to different altitudes and speeds. The seat therefore got ejected from plane.

 

Figure 3 Mechanism analysis logic diagram

This is a process by which results of an event are keenly and formally assessed (Bluff & Johnstone, 2004). It gives physical possibilities that could have resulted after the event, making it possible to come up with a well-structured report of damages. It identifies how loss of control was realized after the event and how it was responded to. It also confirms whether efforts to mitigate damages bore fruit. An outcome analysis diagram, just like the event/mechanical analysis diagram simplifies all that happened during and after the event for future reference and application of pro-active and reactive measures. The seats, for instance should not be activated until the airplane is well off the ground. Outcome analysis on the tragedy of Flight Lieutenant Sean Cunningham of Royal Air Force has brought about a lot of pro-active measures including having a back-up parachute incase the one on the seat fails, giving military contacts related to safety equipment to trusted and qualified contractors, proper testing of the safety equipment before fitting them on military planes etc.

I have chosen these questions because they are direct and straight to the point on what actually happened after the seat was ejected. Through them, any interested party can identify new risks and come up with innovations for safety to avoid such unfortunate accidents in the future. With them arises the need to come up with more pro-active measures like controlling the amount of thrust on the seat depending on altitude and speed of the airplane, integrating the seat and airplane with sensors that can stop a launch sequence in case this happens accidentally etc.

The first question is to get an affirmative response on whether the accident really happened.

The distance the ejector seat travelled upwards could be used to make improvements on new seats such that the amount of propulsion will depend on the altitude of the plane from the ground, therefore the need to come up with a controllable fuel and its injector into the engine to be used for propulsion of the seat. The parachutes should be launched at certain altitudes also, and only after the seat has been ejected. More back up parachutes should also be fitted onto the seats to ensure safety.

It is necessary to know if the parachutes were deployed so as to make improvements on faster response parachutes that can be deployed at low altitudes, below 25 feet.

Medevac response could sometimes matter, in cases where those involved in accidents are still alive but on the verge of death. Quicker response should be encouraged.

1. Did the ejector seat get ejected?
2. How far up did the ejector seat get propelled? Could the parachutes have been launched?

• Was it below or above 25 feet?

1. Were the parachutes deployed?
2. How fast was medevac response? Could he have survived the accident?

Figure 4 Outcome analysis diagram

Figure 5 Outcome analysis diagram continuation

References

Australia, S., 2004. Risk Management- Principles and Guidelines. Sydney, Australia: Standards, Australia.

Australia, S., 2009. Risk Management-Principles and Guidelines. Sydney, Australia: Standards Australia.

Bender, W. J., 2004. Simplified Risk Assessment for Construction Clients. AACE International Transactions, pp. 10-13.

Bluff, L. & Johnstone, 2004. The relationship Between ‘Reasonably Practicable’ and Risk Management Regulation. Canberra, Australia: National Research Centre for OHS Regulation.

Botterill, L. a. N. M., 2004. Risk and Risk Perception. Canberra, Australia: Rural Industry Research and Development Corporation.

Budzier, A., 2011. The risk of risk registers-managing risks is managing discourse not tools. Journal of Information Technology, Volume 26, pp. 274-276.

Burnely Ezo, J. w., 2005. Risk Matrices and Its Weaknesses. Beats of the year, pp. 19-27.

Cagno, E. A. D. G., 2000. Risk. Canberra: s.n.

Clemens, P. a. T., 2006. Risk Assessment and Control: is your system safety program wasting resources?. Professional Safety, pp. 12-14.

Cook, R., 2008. Simplifying the creation and use of the risk matrix. London, Springer: s.n.

Cowley, S., 1990. Occupational Hygiene- Measurement or Control?. Hobert, Tasmania: s.n.

Cowley, S. & Borys, D., 2003. Safety Institute to ban Accidents? Safety in Australia. Sydney, Australia: s.n.

Cox, L. A., 2008. What’s Wrong with Risk Matrices?Risk Analysis. An International Journal, p. 28.

Cox, L. A., 2009. Risk Analysis of Complex and Uncertain Systems. Springer, Nw York: s.n.

Crockford, N., 1986. An introduction to Risk Management. Cambridge, UK: Woodhead-Faulkner.

Donoghue, A. M., 2001. The design of hazard risk assessment matrices for ranking occupational health risks and their application in mining and mineral processing. Occupational Medicine, pp. 118-123.

Dorfman, M. S., 2007. Introduction to Risk Management and Insurance. 9 ed. Englewood Cliffs: Prentice Hall.

Drummond, H., 2011. MIS and Illusions of control:an analysis of risks of risk management. Journal of Information Technology, Volume 26, pp. 259-267.

Executive, H. a. s., n.d. Reducing Risks, Protecting people: HSE’s decision making process. Norwich Health and Safety Executive.

Filippin, K. a. L. D., 2004. Major Hazard Risk Assessment for Existing and New Facilities. Process Safety Progress. 1st ed. Alabama: s.n.

Flippin, K. a. L. D., 2004. Major Hazard Risk Assessment for Existing and New Facilities. Process Safety.

Gadd, S. A. D. M. K., 2004. Pitfalls in Risk Assessment. UK: s.n.

Goddard Space Fighting Centre, N., May 2009. Risk Management Reporting. GSFC-STD-0002.

Harvey, J., 2002. Reliability of Risk Assessments: a ststistical evaluation of results from risk assessment tools. Safety in Australia, pp. 23-24.

Hewett, C. P. Q., 2004. Towards a nutrient export risk matrix approach to managing agricultural pollution at source. Hydrology and Earth system sciences .

Hillson, P. S. a. D., 2012. Practical Risk Management. The ATOM Methodology.

Hopkins, A., 2005. Safety, Culture and Risk. Sidney, Australia: s.n.

Hopkins, A., 2005. Safety, Culture and Risks. Sydney, Australia: CCH Australia Limited.

Hubbard, D. W., 2009. The Failure of Risk Management: Why It’s Broken and How to Fix It.. New Jersey: John Wiley & Sons Inc.

Hunt, E., 1996. Assessing Risk Management Process and PRocedure. Relationship between Fighter and bomber ants, pp. 245-248.

Iannachione, A. F. V., 2008. The Application of Major Hazard Risk. s.l.:National Institute for Occupational Safety and Health.

I, K., 2012. What is risk management. Stalingrad: s.n.

Lyytinen, K., December, 2011. MIS: The urge to control and the control of risk illusions. Journal of Information Technology, pp. 268-270.

Middleton, M. a. A. F., 2001. Using Risk Matrices. The Chemical Engineer , pp. 34-37.

Moses, K. D. a. R. W. M., n.d. Development of Risk Assessment. Matrix for NASA Engineering and Safety Centre, NASA Marshall Space Flight.

Papadakis, G. A. a. A. A. C., 2008. The exposure-damage approach in the qualification of occupational risk in workplaces involving dangerous substances. Occupational Safety and Risk at ESREL 2006, pp. 972-991.

Payne, S. L., 1951. The Art of asking Questions. New Jersey: Princeton University Press.

Rowling, M., 2015. New global disaster plan sets targets to curb risk,losses. Reuters.

Talbot, J., 2009. What’s right with risk matrices. Jakes Business Solutions, pp. 10-13.

Tversky, A. & (1992), a. D. K., 1992. Advances in Prospect Theory: Cumulative Representation of Uncertainty. Journal of Risk and Uncertainty, Issue 297-323, p. 12.

Viner, 1996. Accident Analysis and Risk. 1st ed. Melbourne: Derek Viner Pty Ltd..