The Role of Risk Management

Risk management is often looked upon as being a purely financial or insurance issue while its rightful place is as part of everything a business does and what it stands for. Yes, if a risk occurs it affects costs and revenue but these might not be immediate, and even if they are insurable there will usually be losses that are not recoverable.

All organisations need to include risk management as part of their governance considering it from the perspective of the organisation as a whole. Risk management combines the likelihood of a risk occurring with the impact that it would have if it did occur, revealing those risks which would jeopardise the organisation. Typically these include relaince on key staff, key suppliers and key customers. Often it is the detail that reveals just how important some items are, the places where bottlenecks occur, where product failure could occur, where customers bring complaints.

We approach this subject through the establishment of a framework and a process. The framework is tailored to the organisation to ensure that it meets the purposes and culture. The process identifies the risks and how they will be managed.

Risk Management is an inherent and essential part of all business management. In many texts it is associated specifically with financial and insurable aspects, but it rightly belongs to business and organisational activities overall. Recognising this, every business, every project and every programme should include continuous acknowledgement of the risks involved, and a robust approach to the management of those risks. The overall context for this approach may be simplified as ensuring that the residual risk is acceptable, meaning that

‘if a risk is unacceptable, the project cannot be taken on or continued’.

This makes risk management the most important aspect of project, programme and business management. If you know the risks to your business and to the projects you engage in, you are in a position to mitigate them, to manage them, and to make them acceptable. All organisations need to understand the risks they face.

No project should begin without an assessment of the risks.

There was a time when Risk Management was simply part of Project Management. The strategy was developed, major potential problems considered, and appropriate action agreed. At that time risks were rarely recorded and the means by which they would be managed were not clearly stated. The essence of what has become regarded as the process of Risk Management has become an organised and recorded part of the best-run projects. This has extended into normal business operations as all businesses have risks. It is common practice to provide a written statement of what the risks are and how they are treated, and how regularly they are reviewed.

In some sectors this has become a regulated element of their operations, as, without adequate risk management, there is a real possibility that the businesses will be regarded as being poorly controlled or, in extreme cases, will fail. This is especially so in the financial sector, as has become abundantly clear in recent years with high profile cases causing profound uncertainty in international stock markets.

Facilitation of Risk Management exercises is at the core of our work.

To review risk management in your organisation please ask.

The Risk Log

To be useful it is usually necessary to tailor risk logs to the needs of the individual organisation. Creating a risk log can be achieved over a number of sessions rather than in a single visit. There are several aspects to consider, the main steps being:

Understanding risk management and gaining acceptance of the purpose;
Developing a framework to make sure that the purpose can be met;
Agreeing and then running a process to complete the risk register;
Reviewing this to confirm that it does meet the requirements;
Agreeing a risk review process to keep the register up to date.

If you would like assistance in the development of your approach to risk management and the creation of a risk log please contact us.

The Issues Log

In parallel with the risk log it is useful to create and maintain an issue log identifying questions when they arise, and the agreed solutions. The structure of an issues log is similar to that of the risk log bit theire is a fundamental difference: issues have happened and need to be resolved whereas risks might happen and need to be managed. Key points that might be included are:

Exactly what the issue is;
When it was raised and when it needs to be resolved;
Why it matters;
Who will make the decision;
How it will be commnicated.

For assistance with risk and issue management please ask.