Is your business ready to deal with unforeseen events? These can seriously impact your effectiveness and profitability. We have an approach that increases your ability to respond to the unknown as it happens.
What is risk? Risk is commonly understood to be the possibility of a harmful or disruptive event that leads to failure and/or losses. In the context of change and improvement though, there is another face to risk that of opportunity. Business change requires innovation, taking advantage of new opportunities and managing the risks involved. In this context then, and as defined by HM Treasury,
Therefore Risk Management is the identification, quantification, assessment, prioritisation and assignment of ownership followed economical use of resources to take mitigating action to reduce, minimise, eliminate or anticipate them, and then to monitor and review status and to test preparedness.
Often risk management is seen as risk logs, risk reviews and some business continuity testing. However, good risk management is a way of life – it permeates the way activities are planned, resourced and managed. While it is impossible for organisations to remove all risk, it is important they properly understand and manage the risks to a determined level they are willing to accept in the context of the organisation’s overall corporate strategy. Inadequate risk management can result, as highlighted by Investopedia,
“in severe consequences for companies, individuals, and the economy. For example, the subprime mortgage meltdown in 2007 that helped trigger the Great Recession stemmed from bad risk-management decisions, such as lenders who extended mortgages to individuals with poor credit; investment firms who bought, packaged, and resold these mortgages; and funds that invested excessively in the repackaged, but still risky, mortgage-backed securities (MBS).”
Risk causes are many. They may be caused by market disruptions, strategic failures, competitor activity, errors in design or development, failures in production or operations, legal or financial liabilities, credit risk, accidents, natural causes, disasters, epidemics, regulatory violations or misinterpretations, deliberate attacks, or any event of uncertain or unpredictable outcome. With such a diverse possibility of causes a systematic approach is required to manage risks effectively. That is why we have developed the Risk Management Framework© which has three parts to it:
- Risk Analysis
- Risk and Business Continuity Planning
- Risk Managing
Many risk causes will have similar consequences and therefore similar mitigation actions. This is why our risk management plan is not organised by the long list of risk causes but rather by the likely impacts at different time stages – project/programme, implementation/rollout, and BAU deployment. The plan is set out such that when a risk emerges and the likely impact is identified, the appropriate governance level is easily identified and engaged to review and authorise the mitigation actions. This approach limits surprises and because mitigation actions are predefined, response time is quick, therefore reducing downtime for resources and the likelihood of the impact growing.