6 steps to risk assessment and management

by Urs E. Gattiker on 2010/11/30 · 24 comments 11.672 views

Managing risk is not sexy. People do not talk about it during coffee breaks, but companies are spending big money on technology that may help reduce their risk.

Image - Twitter - tweet by @TiceWrites - Carol Tice - I've had to pull down my big #Webinar announcement thanks to Feedburner fail on Friday...look for it to pop up again on Tuesday. @ComMetrics comment - using Cloud SaaS (Software as a Service) makes one dependable upon others being reliable - Feedburner failed its customers Fri 2010-11-12Outsourcing a service increases the dependability that things work smoothly (Google took over Feedburner – services have been down several times during 2010).

We describe the combined risk assessment and management process in six steps that can help limit your risk exposure and reduce the chances for:

    3 steps to proper risk assessment

Image - Qantas A380 - emergency landing in Singapore after part of the plane's engine-cover fell off mid-flight. Assessing risk without factoring profit is like trying to tune up your car without knowing where the engine is.

Risk assessment is a process of analyzing potential losses from a given hazard or threat using a combination of:

    - known information about the situation,
    - knowledge about the underlying process, and
    - judgment about the information that is not known or well understood.

The above is the bedrock for ensuring that potentially hazardous operations are carried out safely.

Risk assessment also provides some legal protection if an activity or process leads to an accident or disaster (e.g., a data security breach or the Deepwater Horizon oil spill).

The three steps to proper risk management are:

1. Describing the problem(s). This can be accomplished more effectively if a few questions are posed and addressed amongst stakeholders, such as:

    a) Who must manage the problem (risk owner)?
    b) Who are the stakeholders?

Also, what relationships exist between problems and can stakeholders further help with problem identification and characterization?

2. Performing a risk analysis. This includes evaluating the risks in order to:

    a) Assess the likelihood of recurrence.
    b) Address any uncertainties in estimates.

Everyday, each of us manages risk, from what we have for breakfast to how we commute, and what happens at our workplace.

YouTube Preview Image

3. Defining the options. This requires determining what can be done about the risk issue and how that can be accomplished.

Potential consequences, costs, and benefits of options or actions taken to mitigate risk must also be addressed. These must be identified and spelled out succinctly.

    3 steps to proper risk management

Image - risk - it is dangerous out there - be careful people - watch your backs The objective of risk assessment is to proactively identify areas of highest risk, such as auditing. This allows allocating resources based upon the determination of relative risk.

Risk management is the process of combining a risk assessment with decisions about how to address that risk.

Basically this involves the following three steps:

A. Making sound decisions. Determine the best solutions and how they could be implemented in ways that are:

    - feasible,
    - cost effective, and
    - socially acceptable.

B. Implementing decisions. Find out what actions are needed to implement and deal with any objections or re-assessments regarding the decisions you made in step A.

For instance, doing a project audit two years into a four-year project is helpful. But having to report a huge cost overrun, technological difficulties that will delay project completion (e.g., the Boeing Dreamliner) is not what we call sound risk management.

A Qantas A380 bound for Sydney and carrying more than 450 people had part of its engine cover disintegrate mid-flight. The captain decided to make an emergency landing in Singapore.

YouTube Preview Image

C. Evaluating actions taken. Determine what is an acceptable and effective means of evaluating the effectiveness or appropriateness of the actions taken in the process of risk management.

Image - Just four days after confirming its surprise new logo was, in fact, legit, the GAP is returning to its old design.To illustrate, when a few hundred angry but noisy Facebook fans are able to get a global brand like Gap to reverse its re-branding efforts, this action must be evaluated.

Bottom line
To perform a risk analysis and assessment that will be useful to your organization, you must first define that risk.

Risk assessment is the systematic determination of risk management priorities by evaluating and comparing the level of risk against predetermined standards, target risk levels or other criteria.

The very short video below outlines how to conduct risk analysis, risk mitigation (i.e. reducing your dependency on one supplier), and impact analysis. Worth watching.

YouTube Preview Image

Are you with me on proper risk assessment and risk management or am I completely off?
What have I missed? Please leave a comment; the floor is yours!

Another resource: 2011 trends: Risk management and social media ROI — 2010-12-01


Previous post:

Next post: