Management Guide

management   »  risk management   »  risk management process

How to Manage Risk

        posted by , April 02, 2013

Risk management sounds like a daunting process.

Risk management invokes images of sophisticated risk management software, complex processes and highly specialized resources. If you're an investment bank, this may be exactly what your risk management process looks like. However, most businesses don't require the same level of risk management as an investment bank.

For most businesses, risk management is no more complex than any other management discipline.

The following process is often enough.

risk management process


Any risk management initiative begins with scope and risk identification. These activities answer the question — what risks are we managing?

Scope DefinitionDefine the scope of the risk management process. For example, the scope may be a strategy, program, project, department, process or objective.
Identify ObjectivesTake the scope and break it down to the objective level. For example, a strategy or project may have many objectives (goals).
Identify ProcessesTake the scope and break it down to the process level. For example, if your scope is to manage sales risk identify all your sales processes.
Scenario AnalysisWalk through each process and objective to identify scenarios.
Risk BrainstormingUse your lists of processes, objectives and scenarios to brainstorm risks. Involve any stakeholders who might be impacted by risk and subject matter experts.
Apply Common Risk ChecklistValidate your list of risks against lists of well known risks.
Identify RisksDocument and communicate your list of risks.

Assess & Plan

Once you've identified the risks you're managing it's time to assess them and plan to control them.

Risks are assessed according to their probability and impact. Controls are identified for each risk. This generally means that you plan to mitigate, eliminate, transfer or accept each risk.

Evaluate Risk ProbabilitiesEstimate the probability of each risk.
Evaluation Risk ImpactsIdentify and evaluate the impact of each risk. It's often useful to quantify the impact.
Prioritize RiskPrioritize the risks. For example, low probability and low impact risks may have a low priority.
Identify ControlsIdentify controls for risks. Their are four types of risk control — you can mitigate, eliminate, transfer or accept each risk.

Focus on high priority risks. For example, low priority risks are often accepted.
Evaluate ControlsEvaluate the controls for secondary risks (the risks caused by your risk controls). For example, if you transfer a risk by purchasing insurance you may need to consider counterparty risk.
Communicate & Approve ControlsCommunicate the controls to stakeholders for approval.
Develop a Risk Management PlanDevelop a risk management plan that identifies your controls, monitoring, metrics, reporting, communication plans. Develop a schedule for implementation of controls and for reporting.


Execute your risk management plan to control, monitor, measure and communicate risk.

Mitigate RiskImplement the risk mitigation activities in your risk management plan. For example, train your aircraft maintenance specialists in best practices to reduce the risk of human error.
Eliminate RiskImplement the risk elimination activities in your risk management plan. For example, sell a risky investment.
Transfer RiskImplement the risk transfer activities in your risk management plan. For example, purchase flood insurance for your retail locations.
Accept RiskImplement the risk acceptance activities in your risk management plan. For example, the risks may need to be communicated in your quarterly reports to investors.
Monitor RiskA risk is the chance of negative event or loss. Use your list of controlled risks to monitor your business. Negative events and losses can be managed, escalated and reported.
Measure & Report RiskContinually evaluate the the probability and impact of risk to produce metrics that are meaningful to your business. For example, an investment bank may monitor investments to calculate liquidity risk metrics.
Control RiskImplement your risk management plan.

Risk management is a continual process of identifying, accessing and controlling risk (i.e. the process above repeats in a never ending loop).

3 Shares Google Twitter Facebook

Related Articles

Risk Management
The identification, prioritization and control of business risk.

A checklist of the most common project management tasks.

A guide that targets the most common problems managers face. Management is about making problems so interesting that people want to solve them ...

A guide to managing change at the organizational, program, project or team level.

Manage by leading your team.

Recently on Simplicable

22 Change Management Objectives

posted by Anna Mar
The primary objective of organizational change management is to execute an effective strategy. That's easier to say than do. The following secondary objectives (goals) are how organizations deliver change.

The Toyota Way

posted by Anna Mar
In 2001, Toyota published 14 management principles. They're nothing short of brilliant. Since their publication, they've influenced virtually every fortune 500 company.

64 Reasons That IT Projects Fail

posted by Anna Mar
The many paths to project failure.

30+ Management Strategies

posted by Anna Mar
The following strategies look past the management fads. It is a straightforward list of actions you can take to tackle common management challenges.


about     contact     sitemap     privacy     terms of service     copyright