In earlier posts, I wrote about the difference between “Risk” (uncertainty) and “risks” (events).
The topic I want to address in this post is how we can use a Risk Assessment as an actual management tool. In an earlier post I said that risk assessments work best when they are focused on determining the level of “Risk” (uncertainty) within a particular Strategy. The technique that we use to determine the level of uncertainty is to use our experience or other resources to identify the potential events (“risks”) that could cause the Strategy to fail. Once these potential events are identified, our next step in the process is to look at the likelihood that they might actually occur.
OK. Let’s say we’ve done these steps. We have now identified the “risks” that might impact the Strategy. Now what do we do? Remember that our goal is to identify whether the overall level of uncertainty in the Strategy is appropriate, given all of the circumstances. How do we do that? Answer – we use our judgment.
In a few cases, such as investment trading strategies, the level of uncertainty in a Strategy might be determined using an analytical model. However, the vast majority of situations require solid judgment. We need to sit back and look at the big picture. How many “risks” did we identify? How likely are they to actually derail the Strategy? Do these “risks” amplify or offset each other? Would these events ramp up slowly, or would they overwhelm us in a matter of seconds? What is our experience telling us? How much uncertainty are we willing to accept relative to this overall Goal?
By asking these questions, we’re beginning to use the Risk Assessment as a management tool. Remember that the reason we’re performing the Risk Assessment is to help us make a management decision – whether the current Strategy is appropriate.
So what happens if we feel a little uncomfortable as a result of the Risk Assessment? Maybe we feel that there’s a too much uncertainty in this Strategy. Perhaps too many things could go wrong and prevent us from achieving our Goal. What do we do now?
That’s an easy answer. We eliminate some of the uncertainty. We create contingency plans that we put into play if a particular event occurs. Maybe we build in redundancies. Perhaps we buy insurance to protect ourselves from a particular event. Maybe we outsource the entire activity to an expert third-party provider. The types of mitigation activities are limited only by your imagination (and budget). By taking these types of steps, the individual “risks” (events) become less likely to actually derail the newly improved Strategy. We’ve added additional steps to mitigate individual “risks” and, in the process, lowered the level of overall “Risk” in the Strategy.
So, the Risk Assessment is employed to tell us about the level of uncertainty within a Strategy as of a point in time. We use this Risk Assessment as a gauge to tell us if the Strategy is acceptable. If not, we tweak the Strategy until the Risk Assessment provides you with the level of comfort that you need.
Guess what – we’re using risk management techniques to actually help us better run our organizations.
What are your thoughts?