What is risk?
A state of uncertainty where some of the possibilities involve a loss, catastrophe or other undesirable outcome. (Borrowed from: The Failure of Risk Management: Why It's Broken and How to Fix It
by Doug Hubbard)Risk is measured by:
- Impact: How severe of an impact will there be if the risk occurs?
- Likelihood: How likely is it that this risk will occur?
- Example: The impact of a plane crash is that there is a that I may die (66% chance actually). The likelihood of my plane crashing is 1 in 11 million.
How do you identify risks?
Risks are events that, when triggered, cause problems. Risk identification can start with the source of problems, or with the problem itself.
Examples of risk sources are: stakeholders of a project, access to/stability of funding, or political influences.
When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. Example: Stakeholders withdrawing during a project may endanger funding of the project.
Risk Management vs. Risk Mitigation
Risk management is the identification, assessment, and prioritization of risks, followed by a coordinated and economical application of resources to minimize, monitor, and control the likelihood and/or impact of events.
Risk mitigation is a way to manage risk.
Organizations often focus a lot of effort on risk mitigation, and much of their risk management language is centred around risk mitigation.
But there are other ways to manage risk…
Ways to manage risk:
(1) Avoid it.
Eliminate the risk, withdraw yourself from being exposed to the potential of it.
Example: I don’t want to die in a plane crash, so I will no longer fly in airplanes.
(2) Reduce it.
The primary choice of many organizations. Find ways to mitigate your risk – reduce its likelihood or impact.
Example: Always take a direct flight. Most plane crashes occur on take-off or landing. So mitigate the likelihood of the risk by reducing take-offs and landings.
(3) Share it.
Transfer, outsource, insure or find other ways to share your risk with a partner.
Example: My Home Depot credit card. Home Depot wants to drive customer loyalty by offering store credit, but they don’t want to assume the risks of late payments, people defaulting, refunding charges because of stolen cards, etc. So they partner with CitiGroup, who runs similar programs for several dozen other stores. They share the risk with a credit company, who in turn shares the risk across customers gained by issuing cards to dozens of stores.
Could you share risks with your strategic partners?
(4) Own it.
Risk happens. Sometimes you need to accept that the risk is a part of the business you’re in, and budget for the occurrence of it.
Example: The Government of Canada self-insurance of drivers / vehicles. The GoC has accepted that car accidents will happen on the job involving its employees. The cost of accepting the risk and budgeting for costs associated with car accidents is less than the cost of transferring the risk to an insurance company. So the GoC self-insures.
Risks vs. Challenges
Remember, a risk is a state of uncertainty where some of the possibilities involve a loss, catastrophe or other undesirable outcome
Challenges, then, are states of certainty where loss, catastrophe or other undesirable outcomes will occur.
The same management techniques apply. The only difference is you know the likelihood of these events is 100%.
Integrating risk into planning
Establish a picture of the risks you face as an organization (risk profile)
Identify risk management strategies for key activities / objectives.
Identify risk mitigation strategies (where appropriate) for your deliverables / milestones.
Read more on risk management.
No comments:
Post a Comment