How to Manage Risk
posted by Anna Mar, April 02, 2013
Risk management sounds like a daunting process.
Risk management evokes images of sophisticated risk management software, complex processes and highly specialized resources. If you're an investment bank, this may be exactly what your risk management process looks like. However, most businesses don't require the same level of risk management as an investment bank.
For most businesses, risk management is no more complex than any other management discipline.
The following process is often enough.
Identify
Any risk management initiative begins with scope and risk identification. These activities answer the question: what risks are we managing?
|Scope Definition||Define the scope of the risk management process. For example, the scope may be a strategy, program, project, department, process or objective.|
|Identify Objectives||Take the scope and break it down to the objective level. For example, a strategy or project may have many objectives (goals).|
|Identify Processes||Take the scope and break it down to the process level. For example, if your scope is to manage sales risk, identify all your sales processes.|
|Scenario Analysis||Walk through each process and objective to identify scenarios.|
|Risk Brainstorming||Use your lists of processes, objectives and scenarios to brainstorm risks. Involve any stakeholders who might be impacted by risk and subject matter experts.|
|Apply Common Risk Checklist||Validate your list of risks against lists of well known risks.|
|Identify Risks||Document and communicate your list of risks.|
Assess & Plan
Once you've identified the risks you're managing, it's time to assess them and plan to control them.
Risks are assessed according to their probability and impact. Controls are identified for each risk. This generally means that you plan to mitigate, eliminate, transfer or accept each risk.
|Evaluate Risk Probabilities||Estimate the probability of each risk.|
|Evaluate Risk Impacts||Identify and evaluate the impact of each risk. It's often useful to quantify the impact.|
|Prioritize Risk||Prioritize the risks. For example, low probability and low impact risks may have a low priority.|
|Identify Controls||Identify controls for risks. There are four types of risk control: you can mitigate, eliminate, transfer or accept each risk. Focus on high priority risks. For example, low priority risks are often accepted.|
|Evaluate Controls||Evaluate the controls for secondary risks (the risks caused by your risk controls). For example, if you transfer a risk by purchasing insurance you may need to consider counterparty risk.|
|Communicate & Approve Controls||Communicate the controls to stakeholders for approval.|
|Develop a Risk Management Plan||Develop a risk management plan that identifies your controls, monitoring, metrics, reporting and communication plans. Develop a schedule for implementation of controls and for reporting.|
Control
Execute your risk management plan to control, monitor, measure and communicate risk.
|Mitigate Risk||Implement the risk mitigation activities in your risk management plan. For example, train your aircraft maintenance specialists in best practices to reduce the risk of human error.|
|Eliminate Risk||Implement the risk elimination activities in your risk management plan. For example, sell a risky investment.|
|Transfer Risk||Implement the risk transfer activities in your risk management plan. For example, purchase flood insurance for your retail locations.|
|Accept Risk||Implement the risk acceptance activities in your risk management plan. For example, the risks may need to be communicated in your quarterly reports to investors.|
|Monitor Risk||A risk is the chance of a negative event or loss. Use your list of controlled risks to monitor your business. Negative events and losses can be managed, escalated and reported.|
|Measure & Report Risk||Continually evaluate the probability and impact of risk to produce metrics that are meaningful to your business. For example, an investment bank may monitor investments to calculate liquidity risk metrics.|
|Control Risk||Implement your risk management plan.|
Risk management is a continual process of identifying, assessing and controlling risk (i.e. the process above repeats in a never-ending loop).