Implementation assistance for risk management
Recommendations for variables, methods, and increasing data processing as a basis
von Lukas NikelowskiIn recent years, corporate risk awareness and interest in supply chain risk management have grown in research and in practice. Reason for this is e. g. the growing market vulnerability triggered by pandemics, wars or natural disasters. Further, technological progress e. g. concerning digitization creates new types of risk like cyberattacks.
To cope with emerging risks, companies need to implement appropriate risk management by executing the steps of risk-identification, -assessment, -mitigation and -monitoring tailored for the own business. Besides the situation that literature offers additional steps or renames the mentioned ones, e. g. the number of risk assessment methods with different execution requirements is high. Therefore, the implementation of a risk management tailored to the individual company situation is time-consuming and difficult due to the large number of options. In the literature, there is a lack of studies on practicable models and generally pragmatic support for this procedure.
Before a company can start implementing risk management, sufficient data processing is required. Every step of risk management depends on data, such as reviewing historical data on incidents that have occurred to identify risks. Further, risk assessment requires data such as the extent of damage or frequency of occurrence of a risk, to evaluate the level of risk. During the risk mitigation data are required to find suitable mitigation measures and to evaluate the changes. Also, for risk monitoring data like real time data are necessary to monitor the existing risks. The availability of data is increasing rapidly, but there is a gap between the potential of data processing and the actual use of the data. Several obstacles create a reluctance to process data.
This dissertation supports the preparation for the four common steps of risk management. For riskidentification, -mitigation and -monitoring, necessary- and sufficient variables for successful risk management are elaborated. For risk assessment, an application-specific selection procedure is derived to assist in deciding for the most appropriate method.
Where a specific field of action could be included in this study, supply risks were focused on as important risks for the stability of e. g. production, since risk management is not sufficiently practiced in the manufacturing environment in particular.
Further, this dissertation supports the procedure of dealing with data processing obstacles. Commonly discussed obstacles in the literature are identified to provide an understanding of the barriers that organizations face, as well as a procedure for application-specific prioritization of data processing obstacles is given to provide an answer to the question of how to deal with these barriers.
To cope with emerging risks, companies need to implement appropriate risk management by executing the steps of risk-identification, -assessment, -mitigation and -monitoring tailored for the own business. Besides the situation that literature offers additional steps or renames the mentioned ones, e. g. the number of risk assessment methods with different execution requirements is high. Therefore, the implementation of a risk management tailored to the individual company situation is time-consuming and difficult due to the large number of options. In the literature, there is a lack of studies on practicable models and generally pragmatic support for this procedure.
Before a company can start implementing risk management, sufficient data processing is required. Every step of risk management depends on data, such as reviewing historical data on incidents that have occurred to identify risks. Further, risk assessment requires data such as the extent of damage or frequency of occurrence of a risk, to evaluate the level of risk. During the risk mitigation data are required to find suitable mitigation measures and to evaluate the changes. Also, for risk monitoring data like real time data are necessary to monitor the existing risks. The availability of data is increasing rapidly, but there is a gap between the potential of data processing and the actual use of the data. Several obstacles create a reluctance to process data.
This dissertation supports the preparation for the four common steps of risk management. For riskidentification, -mitigation and -monitoring, necessary- and sufficient variables for successful risk management are elaborated. For risk assessment, an application-specific selection procedure is derived to assist in deciding for the most appropriate method.
Where a specific field of action could be included in this study, supply risks were focused on as important risks for the stability of e. g. production, since risk management is not sufficiently practiced in the manufacturing environment in particular.
Further, this dissertation supports the procedure of dealing with data processing obstacles. Commonly discussed obstacles in the literature are identified to provide an understanding of the barriers that organizations face, as well as a procedure for application-specific prioritization of data processing obstacles is given to provide an answer to the question of how to deal with these barriers.