In an earlier post I described risk management as the group of organizational activities that try to improve results by making the unpredictable a little more predictable.
A risk management framework is a systematic way of approaching those activities. I see four main parts to an effective risk management framework:
- A common language. It’s important to share ideas, not just words. The words must mean the same thing to everything otherwise you’re sharing the words but not the underlying concepts. For example, when you use the word “risk” what do you mean? Are you referring to the concept of uncertainty or does your organization prefer to speak solely about specific risk events?
- A primary focus. A good framework can be adapted for a number of purposes, but it typically exists for one primary reason. My personal experience tells me that the highest and best purpose for a risk management framework is to help an organization achieve its goals in a more predictable manner. There are certain attributes of any good framework (see below) that will make it adaptable for a variety of purposes – but every framework must target a specific benefit. For me it’s the achievement of organizational goals.
- Abstraction. In order to make a risk management framework broadly applicable you need rules that describe which ideas are fundamentally similar and which are not. For example, your organization may traditionally use the term “strategy” and “process” in different ways. However, for purposes of a risk framework it may be valuable to abstract these and treat them the same because they both describe the action that will be taken to accomplish some goal. In the case of “strategy”, it may be primarily a high level plan that mostly consists of delegating to others. In the case of “process” it may be a specific activity that a single person will perform. But from an abstract view, they both represent how you will achieve a goal.
- Breadth and depth. A framework needs to be a road map. It should be sufficiently broad that the big picture is easily seen. But it also needs to be supported by sufficient depth and insight so that it can help us understand and take action in a detailed, complex, and often confusing real world. For example, it’s not good enough for a framework to simply define a term like “risk tolerance”. It also needs to sufficiently describe how this concept provides value in the real world to a CFO, a regional sales manager, or a production supervisor.
As I continue with these ‘essence of risk management’ posts I will share the components of a practical risk management framework. These future posts will include my recommendations for common language, abstraction, and depth in order to help everyone use this practical management tool.
You can read more about Performance Risk Management at Risk Leader (rskldr.com)