A New Era? A Time to (Re) Consider Risk Management
In the unfortunate current climate, it seems somewhat apt to raise the topic of Risk Management. A subject close to our heart as a real means to understand how a business is truly operating.
Risk management is the process of identifying, evaluating and controlling potential threats to an organisation’s capital, earnings and very operation. Whilst the current issue seems to have come somewhat from the unknown, this one, in fact, has been on UKGov’s radar for some time. Below is a snapshot from the UK Cabinet Office’s Risk Matrix (2017), a 5-year’ forecast, and available on their website, so big reveal here.
You will note the most likely, highest impact risk… pandemic influenza….
It is too early to understand the extent to which the UK planned for this particular risk, however, in statistical comparison with other countries such as German, Japan, South Korea etc, they seem to have been able to respond more quickly, significantly reducing the contagion and risk to life.
Notwithstanding this very real and stark example, it highlights that there are a multitude of threats and risks that businesses should plan against.
Risks could stem from a range of sources, including country or industry-wide financial uncertainty, IT and data-related risks, managerial mistakes and terrorism. There are obviously some threats which are higher than others and therefore these must be prioritised and have an added focus applied.
All businesses face risks and the possibility and severity of those will vary from organisation to organisation and industry to industry. It is therefore vital that organisations deploy a risk management strategy in order to be prepared and minimize the potential disruption and increased costs before they happen. An old adage: ‘Fail to prepare and you should prepare to fail’.
When looking into risk management, the leadership team must focus on a range of scenarios and keep in mind some core considerations, such as:
Providing a continued safe and secure workplace
Ensure the business’ operational stability
A dedication to protecting the micro and macro environment
Analyse insurance requirements
A good risk management plan should highlight core risks and the potential damage cross-referenced with likelihood to occur in a ranked system. It is important to focus on the most disruptive and damaging risks too. This is certainly a lesson learned by BP CEO, Tony Hayward, in 2007. Upon joining the oil giant, Mr Hayward vowed to make risk management and safety his top priority. Over the coming years he announced many new rules and regulations across the company including instructing all employees to refrain from using their mobile devices whilst driving and to ensure all coffee cups had lids. Sadly, these changes didn’t appear to focus on the larger risk factors and in 2010 Hayward was in charge when the Deepwater Horizon oil rig exploded in the Gulf of Mexico resulting in one of the worst man-attributed disasters of all time. Furthermore, reports after the event attributed the disaster to management failure that did not allow individuals involved to identify the true risks the operation faced and lacked any proof of evaluation or communicating risk factors to core company employees.
There are a range of widely acknowledged risks a business must consider from credit and liquidity risks rising to country or entire market risk factors. Once identified and ranked a business must move towards managing such risks.
The core approaches to risk management are:
Risk Avoidance – This means not even considering any activity which involves such a risk. This may not always be viable, but such an approach must deflect as many threats as possible.
Loss Control – This strategy involves considerations which make an attempt to minimise the possibility of loss as much as possible.
Risk Sharing – This strategy aims to spread the potential risks across several projects, departments or even businesses to offer a more calculated view of the risk.
Risk Transfer – This approach sees the business, which is originally exposed to the risk, transfer it to another party that is willing to bear such a risk.
Risk Retention – This is the most difficult approach as it simply accepts the risk as a consequence of doing business but acknowledges it must be constantly reviewed and monitored.
It may be that recent events mean we all look at our businesses in a different light and take the process of risk management a lot more seriously.
@Augmentas, we align to the APMP Management_of_Risk methodology, in fact our MD and many of our team are qualified practitioners in it. However, for that and many other qualified sources of advance, we recommend any of the following sites.