Risk Management Blog
Every business venture, from initial filing to product announcement to hiring, carries risk. And while we certainly focus on risk for the big ticket items, we tend to ignore the possible issues for anything smaller than a product launch-- and then get caught unaware when something goes wrong.f course, not every possible risk is worth worrying about. Sure, the volcano under Yellowstone might erupt but the changes are vanishingly small and there's no way to predict or avoid it. But other things, like running over budget or being leapfrogged by competitors, or even setting up some kind of process that ends up causing an exodus at your company, are worth trying to get ahead of.
Where do you start trying to figure out what might go wrong and whether it's worth worrying about? Fortunately, there's a process for that.
Let’s back up a bit. Before you start looking at what might go wrong you’ll need to understand how you (and probably your organization) feel about the importance of what you’re doing. Will you damn the torpedoes and full speed ahead no matter what the risk (for example, a new start-up trying to get the first product out)? Is it a bet-the-company proposition? Is it a trial balloon that won’t be worth too much risk because either the reward is small or the possible damage is too serious to continue? The answers to these questions won’t help you identify the risks, but they will help you decide what to do about risks once you see them.
Now that you’re thinking about what’s important to your project, process or decision, brainstorm the things that could go wrong. If you understand the parameters of the endeavor you’ll be able to more easily see what could derail those parameters, so think about the goals while you're brainstorming.
Let’s assume you have a list of possible issues – or maybe disasters. The next thing to do is to decide whether they are in fact issues or actual disasters and whether you should do anything to address them. The question of where on the scale of issue to disaster a risk falls is called impact. Once you know the impact of a risk, take a look at how likely it is to happen – probability. You can see that some things may have a big impact – like the Yellowstone eruption – but a small probability. You might not want to do anything more about those risks except track them. Some things might have a big probability but they really won’t do much harm and you can see you’d be able to recover. You might not want to spend time on those either.
But for those risks in the sweet spot of high likelihood and large impact, you want to be prepared. Know what they’ll look like if they happen and any warning signs you expect to see. Is there a way you can make them less likely or less destructive? And is that way worth the trouble, money, and/or time?
And what if the risk becomes reality? Contingency plans can help you out there. Knowing what you’re going to do if it happens means you’ll be working on recovery immediately.
While you’re figuring all this out and then applying what you’ve learned, you’ll have to take some time to understand who needs to know about the possible risks and what you’re doing about them. Risk reporting starts with just a red/yellow/green flag and can run the gamut from that high level to a complete risk register and all of your plans and measurements.
The real story here is that you ignore risk at your peril. Using a straightforward process you can anticipate and evaluate potential risks, determine the danger level, reduce the impact and/or probability of some of them, and be ready to respond if an identified risk comes to pass. All you have to do is think about risk in an organized way and then pay attention as you go along.
I've been working with ThoughtLeaders LLC to create a Risk Management class - if you'd like to learn and practice a step-by-step process, check it out at https://www.thoughtleadersllc.com/services/risk-management/