July 5, 2011
by Shawn Casemore
Recent events such as the tragic oil spill in the Gulf of Mexico or the devastating earthquake and tsunami that rocked Japan should challenge current thinking around developing risk management plans. Developing plans deemed easy to understand and apply by those executing the strategy is of greater value—and will lead to faster implementation—than those created and rolled out from an organization’s upper levels.
Developing risk management strategies at the upper level of an organization is valuable for boards and other key business stakeholders. However, this creates little awareness or engagement from those who actually carry the strategy out. Ultimately, those in the front lines will execute the solutions to avoid or minimize the risk.
The concept behind determination of risk is quite simple, and hence it’s necessary to have a model which can be applied quickly by those engaged in daily operations, providing a clear understanding of risk priorities, and the mitigating and contingent actions required to successfully deal with any unforeseen circumstances.
Below, I have presented a simple model for calculating risk, allowing for more timely and actionable decisions which in turn reduces the level of risk:
Step 1: Identifying Risks
When evaluating a specific situation or decision, brainstorm with those involved to identify potential risks. List the risks that are both most probable, and have the greatest impact. The chances of a tsunami hitting Japan were low, however the impact of the event was devastating.
Step 2: Prioritize
Prioritize the potential risks that you’ve identified. I often apply a scale of one to three, with one being the lowest priority and three the highest. Prioritization can be based on both the potential for impact and the severity of that impact.
Step 3: Mitigating actions
Identify actions that can be taken to lessen the risk or avoid the risk altogether. List a minimum of two mitigating actions for each risk identified. Increased frequency of maintenance and testing may have reduced the severity or duration of the oil spill in the Gulf.
Step 4: Contingent actions
Identify actions that could be taken and prioritize these based on the perceived success of each action. Identify at least two contingent actions per risk.
Step 5: Summarize
Create a summary that identifies the top risks, based on the pre-determined prioritized risks. For each risk there will now be several mitigating and contingent actions, prioritized based on the likelihood of success.
In today’s global economy, natural disasters can have a significant impact on continuity of operations. Using simple risk management models at the front lines can create an increased awareness of the inherent risks to the business. This increased awareness at the operational level will lead to more thorough action plans, which in turn will reduce risk and provide for a culture of action in the event an unforeseen risk to the business occurs.