Management Guide

management   »  risk management   »  risk management process

How to Manage Risk

        posted by , April 02, 2013

Risk management sounds like a daunting process.

Risk management invokes images of sophisticated risk management software, complex processes and highly specialized resources. If you're an investment bank, this may be exactly what your risk management process looks like. However, most businesses don't require the same level of risk management as an investment bank.

For most businesses, risk management is no more complex than any other management discipline.

The following process is often enough.

risk management process


Any risk management initiative begins with scope and risk identification. These activities answer the question — what risks are we managing?

Scope DefinitionDefine the scope of the risk management process. For example, the scope may be a strategy, program, project, department, process or objective.
Identify ObjectivesTake the scope and break it down to the objective level. For example, a strategy or project may have many objectives (goals).
Identify ProcessesTake the scope and break it down to the process level. For example, if your scope is to manage sales risk identify all your sales processes.
Scenario AnalysisWalk through each process and objective to identify scenarios.
Risk BrainstormingUse your lists of processes, objectives and scenarios to brainstorm risks. Involve any stakeholders who might be impacted by risk and subject matter experts.
Apply Common Risk ChecklistValidate your list of risks against lists of well known risks.
Identify RisksDocument and communicate your list of risks.

Assess & Plan

Once you've identified the risks you're managing it's time to assess them and plan to control them.

Risks are assessed according to their probability and impact. Controls are identified for each risk. This generally means that you plan to mitigate, eliminate, transfer or accept each risk.

Evaluate Risk ProbabilitiesEstimate the probability of each risk.
Evaluation Risk ImpactsIdentify and evaluate the impact of each risk. It's often useful to quantify the impact.
Prioritize RiskPrioritize the risks. For example, low probability and low impact risks may have a low priority.
Identify ControlsIdentify controls for risks. Their are four types of risk control — you can mitigate, eliminate, transfer or accept each risk.

Focus on high priority risks. For example, low priority risks are often accepted.
Evaluate ControlsEvaluate the controls for secondary risks (the risks caused by your risk controls). For example, if you transfer a risk by purchasing insurance you may need to consider counterparty risk.
Communicate & Approve ControlsCommunicate the controls to stakeholders for approval.
Develop a Risk Management PlanDevelop a risk management plan that identifies your controls, monitoring, metrics, reporting, communication plans. Develop a schedule for implementation of controls and for reporting.


Execute your risk management plan to control, monitor, measure and communicate risk.

Mitigate RiskImplement the risk mitigation activities in your risk management plan. For example, train your aircraft maintenance specialists in best practices to reduce the risk of human error.
Eliminate RiskImplement the risk elimination activities in your risk management plan. For example, sell a risky investment.
Transfer RiskImplement the risk transfer activities in your risk management plan. For example, purchase flood insurance for your retail locations.
Accept RiskImplement the risk acceptance activities in your risk management plan. For example, the risks may need to be communicated in your quarterly reports to investors.
Monitor RiskA risk is the chance of negative event or loss. Use your list of controlled risks to monitor your business. Negative events and losses can be managed, escalated and reported.
Measure & Report RiskContinually evaluate the the probability and impact of risk to produce metrics that are meaningful to your business. For example, an investment bank may monitor investments to calculate liquidity risk metrics.
Control RiskImplement your risk management plan.

Risk management is a continual process of identifying, accessing and controlling risk (i.e. the process above repeats in a never ending loop).

3 Shares Google Twitter Facebook

Related Articles

Risk Management
The identification, prioritization and control of business risk.

Management has many faces.

Why 80% of success is showing up.

Herding cats ... and 101 other quotations that will ring true for professional project managers.

The many faces of change management.

Recently on Simplicable

10 Examples of Tacit Knowledge

posted by John Spacey
We think of knowledge as something that can be recorded in words, visualized and taught. However, this isn't always the case.

100+ Project Management Objectives

posted by Anna Mar
The following examples of project management goals may help you to design your performance objectives (e.g. MBO or balanced scorecard).

31 Knowledge Quality Measurements

posted by Anna Mar
How to measure the quality of knowledge.

22 Change Management Objectives

posted by Anna Mar
The primary objective of organizational change management is to execute an effective strategy. That's easier to say than do. The following secondary objectives (goals) are how organizations deliver change.


about     contact     sitemap     privacy     terms of service     copyright