Taking a hard look at risk
While cars, planes, appliances, and many other products we use have more and more safety features, it seems as though most everything else around us is becoming riskier. Risks of all kinds seem to be increasing. Between Covid-19, natural disasters, and shortages, things can feel pretty chaotic right now. Instead of letting the chaotic take hold, it’s time to take a step back so that we can know what the risks really are and how to best handle each one. Don’t let Chaos win!
Risk Management process
Depending on the source, Risk Management consists of 4-6 distinct steps.
- Assess risks
- Prioritize them
- Decide which to accept, mitigate, or avoid
- Determine how to mitigate or avoid applicable risks
- Execute those strategies
- Measure results
Where should I start?
The first step is to understand what those are. Are they external, like weather or suppliers? Are they internal, like processes or IT equipment? Since typically throwing tons of money at solving problems is unrealistic, you’ll need to understand the company’s strategic priorities to understand which risks are most important.
Next, look within your organization for opportunities to leverage what may already be in use. Also, you might get additional support for your efforts. Large enterprises will have a Risk department; smaller companies likely not. Perhaps a risk assessment at a high level was already done. Even an outdated risk assessment can give you a starting point. If a particular process is already in use, you won’t have to choose one. You can always work toward maturing the process later, if needed.
Don’t forget third parties!
If you haven’t already (or haven’t recently!) talked to your suppliers about how they are reducing risk or asked for their Business Continuity plan (BCP), we have a handy list of questions to support your due diligence. Don’t wait; now’s the time to tackle this to make sure your vendors are as prepared as you need them to be.
The How and the Getting It Done
#3 is most often handled at the executive level, often with recommendations from Risk Management, IT, and other departments. You definitely want to be a part of the recommendation process, even if you’re not able to be in meetings with top-level management.
Determining what to do about each type of risk really requires deep knowledge for technology-based solutions, but many other solutions may just need a lot of common sense and the voice of reason in a noisy discussion. Do your research and influence what and where you can.
When it comes to executing the selected strategies, not only do you need approved funds dedicated to “making it so,” you also need someone or a team of people delivering good project management skills and tools. While it can be difficult to get funds or enough staff to execute, especially with smaller companies, there are often lower-cost mitigation strategies that can be implement more practically.
Keep in mind that, just like an annual review or post-incident update, the risk assessment process needs to be reevaluated regularly.
Be the expert
I don’t mean “go out and get certified in something” (although that can certainly help your credibility and career). I am talking about being THE resource for your boss, your exec team, or your company. Read up! Keep up with news about disruption and disasters, whether natural or human-made, so that you can educate others about possible risks to the business and why your company needs to address them. Without being the doom-and-gloom person, you can be the voice of reason that brings valuable information to the table.
KingsBridgeBCP offers businesses of all sizes BCP Software Solutions and industry know how based on best practices. From a FREE Edition to a Platinum Edition there is a Shield for everyone. Our software packages meet the wide range of our customers’ needs, ensuring we deliver the best value in every project. To learn more about KingsBridge click here.