Management Guide

management   »  risk management   »  how to control risk

How to Control Risk

        posted by , March 28, 2013

The fishermen know that the sea is dangerous and the storm terrible, but they have never found these dangers sufficient reason for remaining ashore.
~ Vincent van Gogh
Risk is celebrated as the audacious basis for business growth. The idea of "controlling risk" sounds conservative and careful. Something a control freak might do.

Controlling risk isn't as bad as it sounds. Risks aren't necessarily eliminated or minimized. Risk management aims to accept risks that make sense and reduce risks where possible.

The process of controlling risk begins with identifying a list of risks and assessing the probability and impact of each risk. Controls are identified and implemented for each risk.

There are 4 types of risk control:

1. Accept Risk

The stakeholders who are responsible for a risk can choose to accept a risk. For example, the risk that a project may fail may be accepted if the project is of strategic importance.

Risk management may include an approval process for risk acceptance.

2. Mitigate Risk

Actions are taken to reduce risk to an acceptable level. For example, the organization assigns a top performing project management team to a project to reduce the risk that it will fail.

The risk that remains after mitigation is known as residual risk. Residual risks are also controlled (accepted, mitigated, eliminated or transfered).

Secondary Risks

When you mitigate risks it's important to consider secondary risks. Secondary risks are the risks that are caused by your risk mitigation efforts. If you reduce a security risk by applying an update to software — there's a risk that the update itself contains security vulnerabilities. In some cases, mitigation activities are higher risk than the risk they reduce.

3. Eliminate Risk

A risk may be reduced to zero. Normally the only way to accomplish this is to cease the activity that generates the risk. For example, selling a risky investment will eliminate the risks associated with that investment.

4. Transfer Risk

A risk may be transfered to another organization or individual. For example, fire insurance transfers the risk of asset damage due to fire.

The Dark Side of Risk Transfer: Counterparty Risk

It's important to consider counterparty risks when transferring a risk. A counterparty risk is the risk you get back when you transfer a risk. This often takes the form of the risk that a counterparty will fail to meet its legal obligations to you. For example,an insurance company may go bankrupt after a major flood and fail to meet its financial obligations.

3 Shares Google Twitter Facebook

Related Articles

Risk Management
The identification, prioritization and control of business risk.

Managing the chaos called business change.

A guide to risk management.

The 5 commonly accepted ways to define project failure.

Knowledge management is a political topic. It needs the support of executive management to have any chance of success.

Recently on Simplicable

10 Examples of Tacit Knowledge

posted by John Spacey
We think of knowledge as something that can be recorded in words, visualized and taught. However, this isn't always the case.

100+ Project Management Objectives

posted by Anna Mar
The following examples of project management goals may help you to design your performance objectives (e.g. MBO or balanced scorecard).

31 Knowledge Quality Measurements

posted by Anna Mar
How to measure the quality of knowledge.

22 Change Management Objectives

posted by Anna Mar
The primary objective of organizational change management is to execute an effective strategy. That's easier to say than do. The following secondary objectives (goals) are how organizations deliver change.


about     contact     sitemap     privacy     terms of service     copyright