This week I wanted to blog about risk management and the benefits of using the philosophy. Many companies make an attempt to manage risks in their operations but really miss the value that a proactive risk plan can add.
Risk Management can be defined as "Using managerial resources to integrate risk identification, risk assessment, risk prioritization, development of risk handling strategies and mitigation of risk to acceptable levels." Risk is ever-present in daily life. If you wish to cross a street, risk is present......and you may be hit by a car!
Risk management works the same way in a corporation. "If we ___________, there is a risk that __________ will happen." Identifying the risk is the first step to attacking the problem head-on. To ignore a risk, will not make it go away. Plausible Deniability will not matter very much when the risk occurs.
Deciding how much risk your company can accept is a major part of the risk management strategy. If your business is buying and selling stocks, you know you must accept a certain amount of risk in order to maximize your gains. How much risk becomes a company decision. It should be clear to everyone involved.
An airline will certainly want to lower their risk level much more than the example above. Saying a flight "may or may not arrive at the destination" is quite different that saying "a stock may or may not increase in price". You can understand the analogy.
Risks that are identified by a company should be quantified and qualified in writing. This may sound confusing but in reality, it simply means ranking the risks. The ranking may be according to several variables such as monetary consequences as a result of the risk happening. Another ranking may be loss of customers, or legal exposure to lawsuits. Both of these examples will result in negative results however, a risk can also be a positive risk. For example, having more retail customers that you are equipped to handle is a positive risk.......too much of a good thing. If you cannot satisfy the increased customer base, you will loose some of the customers. Is that an acceptable way of mitigating the risk for your company?
After ranking the risks, upper management must make a realistic determination as to what loss is acceptable for the company. If too many customers is the risk, management will certainly want to capture as much business as possible but preparation for this risk will certainly cost money (something upper management rarely wants to hear). There will be a need for more employees, more hardware such as checkout equipment and software that can handle the increased transactions. Store hours may need to be extended (higher payroll costs) and an increased inventory of a new product necessary. This may create logistics problems and even more risks. Ah...decisions, decisions.
There are four (4) ways to effectively deal with risk.
The first is avoidance. Risk can be eliminated usually by eliminating the cause.
The second is mitigation. This is done by reducing the risk event probability, risk event value or both.
The third is acceptance. Just decide to accept the consequences and take it from there.
The fourth is transference. This is done by removing the impact or consequences of the risk event. Buying insurance is an example.
A contingency plan involves the development of alternative courses of actions which may include changes in schedule, resources or contract.
Only upper management can decided what the risk tolerance is for their company. Being proactive in identifying, ranking, mitigation and evaluation is the best approach to risk management.
Until next time, Think Quality!