In project management, managing risk is a four step process as illustrated in the chart below. The approach is very risk specific for identifying each potential risk. Step one is always to identify the risk. Once a potential risk is identified, assessment of the risk must be done. The severity of impact and the likelihood of occurrence are evaluated. After which, a response to such a risk is developed. The last step is more general as a response to any unforeseen risk being discovered after the risk management plan is developed. I feel that in the context of project management being a process of finite time period, identifying specifics risk is easier than Banking and therefore a useful exercise. However, that being said, every project is different and some in some projects it may be just as difficult or even impossible to list the potential risk. With banks, such a technique would not be fruitful as the number of risk that the bank is subject to are limitless. In general, what risk management is used for in banks is to minimize losses and to minimize the impact of these losses on the stability of the Bank. Stability is very important to banks. That is why Central Banks focus on a bank’s ability to sustain losses and issue regulations for the bank to hold adequate capital to sustain losses. This can looked at as a strategy to reduce possible damage to the overall balance sheet of the bank emanating from a loss event.
This feeds into a risk breakdown structure. All the risk can be categorized into either being technical, external, organizational or related to project management planning.
In contrast, banks use a different approach which is specific to their model. They categorize the source of risk as either being credit risk, investment risk, operational risk or legal & compliance risk. This is in some way is similar to the risk breakdown structure above but more specific to banking.
With modern banking risk management techniques, they have moved towards quantifying each type of risk in the numeric number which is the potential loss. With the potential loss in mind, they hold adequate capital as per the regulations issued to cushion any financial losses. Also to minimize the losses themselves, (step 4: risk response control) banks embed in their strategies and processes & procedures, risk control policies.
For the potential impact (step 3) the techniques used are mostly maths based and depend on track records of previous financial losses that had occurred for a number of reasons in the past. Based on the past data, a likelihood of a financial loss s reached.
In essence, the model presented for risk management in project is a more generalized framework of what most organizations use in running their businesses on daily basis.