We can never eliminate all risk, as risk-taking is a foundational element of business. Risk management is a disciplined approach to think about, identify, quantify and act to minimize the impact of uncertainty within the critical dimensions necessary to achieve a targeted objective.
Risk management process – Beginning with the objectives and working back to what is necessary to occur to ensure success of our effort, we start with identification to maximize what risks are to be managed – ranging, for example, from suppliers, the approach, the environment, etc. Following identification with quantification of the probability and the potential impact to the approach or outcome, and completing the process with resolution through one of five generic action plans.
For mission-critical efforts more structure can drive to scenario analysis – pairing high uncertainty with high impact on results – to drive one of five generic approaches.
Risk action plans – Acting on identified, quantified and prioritized risk to business, project and/or outcomes can be grouped into one of five generalized approaches. This choice is an element of decisioning, leadership and management.
- Avoid the risk, by altering objectives or methods
- Transfer the risk, although this may transfer only liability
- Mitigate the risk, or reduce likelihood and impact
- Manage the risk by increased control and vigilance
- Accept the risk as a cost of doing business
Leadership alignment to the appropriate level of risk management, coupled with the management team’s commitment to a comprehensive risk management approach, and integrated with other on-going efforts are critical to success of the initiative and the investment in risk identification, quantification and resolution.
A note from the author…. Professor Kaplan (of balanced scorecard fame) has written a great article on managing risk. See Harvard Business Review, June 2012, “Managing risks: A new framework” http://hbr.org/2012/06/managing-risks-a-new-framework