Basic Risk Management for Managers
Managing risks is a necessary part of any Managers job. Whether considering risks to business operations or risks of a particular piece of work or project, managing risks is a necessity of business.
What are Risks?Risks are issues or problems that have not yet happened. They may never happen but they have the potential to occur. Once risks occur they become Issues.
All Risks should be considered by:
Risk Probability: How likely it is for the risk to occur.
Risk Impact: What will be the effect if the risk does occur.
What is Risk Management?The purpose of Risk Management is to understand the potential risks to the business, or an activity, and then decide what action, if any, to take. Once potential risks are understood they are then evaluated according to Probability and Impact.
Low Probability Low ImpactThis Risk has a low chance of occurring and if it does, it has a low impact. For example, our supplier of printer paper may go out of business, however if he does we can always find another supplier as there are plenty on the market. We may decide to live with such a risk as we can deal with it, if it does occur.
Low Probability High ImpactThis Risk has a low chance of occurring however it if does, it will have a high impact to the business. For example, if our delivery company doesn’t have enough vans we won’t be able to deliver all our products to our customers. We may decide that we don’t want to take the risk of this occurring, despite it’s low probability, because it will have to great an impact on our customers. Therefore we may choose to take mitigating action just in case. Such as in my example, I may choose to have further vans available just in case.
High Probability Low ImpactThis Risk has a high likelihood of occurring however if it does, the impact will be low. For example, our software supplier may have informed use that a new release is likely within the next six months, however they have also informed us that there will be very few issues in the new version. In this case we may choose to take action because we know it is likely, or because the impact is low, we may decide to take action only when it becomes a reality.
High Probability High ImpactThis is a Risk that is very likely and it will have a big impact. These are Risks that we cannot ignore and must be addressed.
Taking Action on RisksMitigate the Risk: This is where we take action to minimise the impact should the risk occur. Such as building a floodwall. It doesn’t stop the risk from happening, but it reduces the effects of the flood.
Avoid the Risk: This is where we prevent the risk from occurring. For example, we might decide to move the offices to a new location because we don’t want to take the risk of getting flooded. Because we move the risk is no longer valid.
Retain the Risk: This is where we accept the risk and decide to live with the consequences should it occur. Therefore, in the case of the flood, we will live with the cost of the clean-up afterwards.
Risk Management PlanThis is a document that captures all possible risks and analyses these according to probability and Impact, and then proposed action. In addition Risk should have an owner, a person responsible for ensuring any action is taken.
The Risk Management Plan is something that needs regular monitoring. Risks change in status, new risks come along, and existing risks go away. It’s important to continually re-assess risks and ensure appropriate action is taken.