Risk Management Procedure

Una Consulting Ltd. Bihać has put in place and practice risk management procedures that help us identify, evaluate, track, and improve the risk mitigation process. The objectives of these procedures are to assist Una Consulting in achieving its strategic objectives by:

  • Protecting our people and assets (financial, property and information);
  • Facilitating optimal use of resources and provide a system for setting priorities when there are competing demands on limited resources;
  • Providing employees, management, shareholders and society at large with grounds for confidence in Una Consulting;
  • Supporting innovative decision-making through the recognition of threats and opportunities.

Risk management is a core management requirement and integral part of our day-to-day operations. Una Consulting is therefore committed to:

  • Ensure that risk management is fully integrated with corporate planning processes and considered in the normal course of activities at all levels;
  • Identify and evaluate significant risks that may influence the achievement of the business objectives;
  • Comply with legislative standards which relate to particular types of risk;
  • Monitor the effectiveness of the risk management procedures;
  • Report the identified weaknesses or incidents in timely manner.

The risk management process embraced by Una Consulting closely follows the methodology of ISO 31000, which provides a generic framework for identification, analysis, assessment, treatment and monitoring of risk.

The risk management process of Una Consulting involves the following five steps:

  • Step 1. Identification of the risk

This is the first step aimed at identifying and describing the risks. There are different types of risks – regulatory / legal risks, environmental risks, market risks, etc. and it is important to identify as many of them as possible. It could be done by using the questions such as “what resources or assets could be affected”, “what is the source of the risk”, etc.

  • Step 2. Analysis of the risks

Once the risks are have been identified, it needs to be analyzed. Risks are compared against the risk evaluation criteria i.e. likelihood of the risk and consequence of the risk by using the tables below.

  • Step 3. Evaluation of the risks

Risks need to be ranked and prioritized. Risk level is a product of risk likelihood factor and risk consequence factor.

The business may be vulnerable to several low-level risks, but it may not require significant intervention. On the other hand, just one highest-rated risks is enough to require an immediate intervention.

Table 3. Risk level

Gradation of risk level is quantified in the following ranges:

Between 1 – 6: low risk, acceptable risk (green color)

Between 8 – 12: medium risk, medium or tolerable risk (yellow color)

Between 15 – 25: high risk, unacceptable risk (red color).

  • Step 4. Treatment of the risks

Risks may be treated by accepting the risk, sharing the risk (e.g. insurance), managing the likelihood of the risk occurrence, managing the consequence of the risk occurrence, eliminating the risk (e.g. by ceasing the activity) and exploiting the risk.

In selecting the most appropriate strategy for treating the risks, an analysis shall be made to assess and quantify possible losses that ensue from the risk and, on the other hand, to assess costs of measures employed to treat the risks.

  • Step 5. Communication and consultation, monitoring and reporting the risks

Proper communication and consultations are essential because there is a much larger pool of information and expertise to enable appropriate solutions to be developed. Each stage of the risk management process should be appropriately monitored and documented.

All employees, management staff and shareholders play part in managing the risks and are responsible for understanding and implementing risk management principles and practices in their work areas.

Reference search

Event announcements