Technique 2.82 Risk Management
Introduction
Risk management (contingency planning) involves understanding and planning for possible events that could have a negative impact, ie what could go wrong.
Need to identify potential risks early and develop strategies to prevent or mitigate the negative impacts.
The aim is to
- preventative (stop/eliminate the adverse event occurring)
- recovery (mitigate/diminish/minimise/reduce the impact of the adverse event happening).
In identifying risks they are 2 types:
- external, ie anything outside your organisation's influence like geopolitical challenges, industry challenges, socio-economic changes, etc
- internal, ie anything inside your organisation like staff, conditions of work, skill levels, etc
Once the risks are identified with possible controls, there is a need to assess the likelihood of each risk occurring, eg
- low, medium or high
- rare, unlikely, possible, likely, almost certain
- numerical ranking like from 1 to 5, with 1 indicating unlikely and 5 very likely
Regularly monitor and evaluate plus update your risk register
Your risk management will be successful if:
- all this risks are identified with time to develop and implement any necessary controls
- your controls are in place in preventing or mitigating risk
- your risk register is kept up to date
- all staff are aware of potential risks and their role in risk management
Identifying and ranking risk
No. |
The risk (what could happen & and how it can happen?) |
Consequences from an event happening | Description & adequacy of existing controls | Likelihood rating (a)*i |
Consequence rating (b)*ii |
Overall risk level (a + b) |
Risk priority*iii |
Notes
i) rare (1), unlikely (2), possible (3), likely (4), almost certain (5)
ii) low (1), medium (2), high (3), very high (4)
iii) top, medium, low
Risk treatment and action plan
No. | Treatment / controls to be implemented |
Risk rating after treatment, etc |
Person responsible for implementing treatment, etc |
Timeframe |
Date completed |
Monitoring |
Reviewing |
Date completed |
How |
When |
|||||||
Most managers are good at understanding single, simple risk and at mitigating against it. However many struggle to understand multi-risks and their relationships to each other plus causality chains.
(source: David Bryan, 2020)