See no Evil, Hear no Evil
Every organization knows that there are inherent risks in the environments in which it operates and in its processes. However, not every organization takes the initiative to assess these risks and come up with a plan to manage them. Many organizations act as if, so long as they don’t mention these risks, the risks will never materialize.
Many people also have the wrong notion about risk management. Some assume that it equates to eliminating every risk, but that would be either impossible or financially infeasible. The main focus in Risk Management is to identify the risks, make sure that management is aware of them, and then decide whether to avoid, mitigate, transfer, accept or exploit each risk (there are actually five steps to Risk Management: Identify, Analyze, Evaluate, Treat, Monitor).
One of the simplest but most effective approaches is to use the SIPOC (Supplier-Input-Process-Output-Customer) method for each of the major processes within the organization. The team needs to break down these processes into their critical parts and then use group thinking to come up with potential risks. Once the risks are identified, the next step is to assign scores for likelihood and impact to rate these risks. Based on the resulting heat map, risks that fall within a pre-determined range are identified as requiring action. It is here that the leadership team needs to decide how to treat these risks:
Avoid – eliminate the cause of the risk or the process causing the risk;
Mitigate – take action to reduce the likelihood of occurrence and/or the impact of the risk;
Transfer – move the risk outside the organization, potentially to a supplier or a customer who might have a better tolerance for that specific risk;
Accept – accept that it might happen and decide to deal with it if it does;
Exploit – make sure the opportunity occurs (positive risk).
This is not a static process; it has to be monitored and reviewed periodically. Over time, additional risks might emerge, and the circumstances that affect the likelihood or impact of previously identified risks might change, requiring a new risk assessment process. Also, the action items that have been agreed upon need to be monitored to ensure they are being completed and are having their intended effects.
Even though it’s a simple process, there is always a learning curve, and organizations might require assistance in coordinating it. Verbum Consulting is here to help you with your Risk Management process and can help your organization step into the future boldly and more securely.
Verbum Consulting, Getting Ahead of the Game!