Is traditional risk management practical? If so, why do so many organizations struggle to do it well? As a quick refresher here are the three steps of virtually all risk management methods:
- Establish business objectives.
- Identify and quantify some or all of the risks that may prevent the organization from achieving these objectives.
- Figure out what you are going to do with the resulting risks (e.g. ignore, manage, transfer, assign owners, etc.).
An Practical Risk Management Method (PRMM)
What makes risk management impractical is that it is often a bolt on and/or a parallel activity. In addition, risk management often gets bogged down in too many risks and not enough value add (see my blog “Guns, Telephone Books and Risk?” for more on this). PRMM recommends the following steps:
- Planning = Risk Management. Incorporate risk management into existing operational, tactical and strategic planning; don’t separate the two. Why? Because planning is how organizations manage uncertainty which is a fancy name for Risk.
- Are You Any Good at Change? Evaluate how well your organization responds to change (e.g. when uncertainty becomes certain). When the unexpected happens, was your response chaotic and uncoordinated or did it go more or less to plan?
- How Strong is your ARM? ARM or Antifragile Risk Management is a system that focuses on building robust and resilient organizations. While step 2 above measures the organization in action, this step anticipates your organization’s uncertainty resiliency.
- A Certain Test of Uncertainty. The organization’s risk/opportunity log is used to stress test the work done above. Testing measures the robustness of the organization and the scope and reasonableness of the collected risks. This is the traditional risk management step in PRMM.
- Don’t Stop. Modify/improve your plans and keep going. All of the above activities are meant to be both periodic (e.g. the annual planning process) or continuous.
My next blog are some thoughts on step 1 above, integrating risk management into the planning processes of the organization.