What is risk management for?
A priori a very high level subject and yet not so complicated if you look closely.
The year 2020 will be forever etched in history and in our memories by the realisation of the health risk We all know the term "global pandemic". Yet we can all think of an executive who, when you tried to make him aware of the risks to his business, said "The health risk of a pandemic? No, that will never happen.
Today it is a reality that global health risk will now be part of our risk mapping possible.
Covid-19 or not, managing risks is your daily bread without even realising it sometimes. As a personal and professional manager, you are taking risks. It is not a matter of saying on a roll of the dice whether the risk exists or not and what you do with it.
Risk management allows toidentify all the risks in your organisationThe aim is to identify the key elements of an activity, a process, a task or a project. The aim is to analyzes, to evaluateand then to decide on the 'how'. manage them through actions.
What is a risk?
A risk is the likelihood that an event It is a negative thing that happens and prevents you from achieving the objectives you have set. It is a prejudice towards you, your employees, your project or your company which will impact results, health, etc. Depending on the context a risk will be negative, positive or even neutral.
For example, the COVID-19 pandemic is a negative event, one of the consequences of which, containment, will have slowed down companies that have not yet taken the step towards remote work. And more broadly, digitalization.
For other companies this event is an opportunity for development because of their strengths: adapted working methods and tools. They were able to adapt very quickly.
A negative risk therefore implies actions Accept, modify/mitigate, avoid or transfer this risk.
In risk management, what are the types of risk?
The following risks undoubtedly exist in your company at different levels depending on your sector of activity, organisation,...
L'the challenge of risk management will therefore be to identify them first.
Risk management: where do I start?
When you run a company or a project, you are responsible for it. You started with the general idea.
This idea was translated into a business model. Then you materialised a first Business Plan or an annual budget, and/or by a Project Management Plan.
You have described the 'what' in detail :
- What you sell/build and why,
- Which customers you sell to,
- What resources you need,
- By what means you sell/build it,
- At what price do you sell it or at what total project cost,...
In summary, when you have established the overall context, you have touched on the external and internal environment of your organisation.
For understanding the internal and external context of your business, or project, with perspective, you may have used the SWOT (Strengths Weaknesses Opportunities and Threats) or PESTEL.
From this context you will be able to define useful criteria to understand the risks of your business or project. It is best to do this in a comprehensive way.
And now you're thinking it's complicated? If this is the case, start with a smaller perimeter than your entire organisation. For example, a department, a task, a key process for you (e.g. hiring, sales, purchasing and supply, invoicing, etc.) or a management tool.
Rest assured, the interest is twofold. This approach allows you to identify the assets that are essential to you on the one hand.
On the other hand you will be able to define your 'appetite' for risk. This is because you will understand the maximum level of risk you are prepared to accept in order to achieve the objectives you have set for yourself. Understanding your context is therefore essential beforehand.
Identifying your risks in practice
You need to define :
- The WHATthat is, the nature of the risk that would impact on your company's objectives and expected results; for example, the "Removal of an employee from the workforce
- The HOWs, i.e. the possible cases of incidents e.g. dismissal, resignation, retirement, end of trial period, abandonment of post, etc.
- The CONSEQUENCES positive and/or negative; e.g. the financial cost to the company due to data loss or leakage because of continued access to internal information systems, or unreturned equipment, ...
- The WHYThis is the root cause, or origin, of the event. This is essential to define the "WHAT TO DO" when dealing with the risk; for example, the departure of an employee whose harassment was not detected
- The TRUEBACKINGThe likelihood of this harmful event occurring, for example, can be rated on a scale from very rare, 0, to very common, 7.
Risk management: how do I measure?
You have identified your risks. You have analysed the possible consequences and the likelihood of it happening. In the same way that you have defined the ingredients for a recipe, you must now define the weight of each ingredient. In short, the limit that should not be exceeded.
In risk management, we talk about a criticality scale. This will allow you to assess whether the risks are acceptable, to be monitored, or whether they require substantive action.
In combining likelihood and impacts, that is, the consequences, you will know determine when the risk is major, significant, medium or low.
Here is a simple example of how to prioritise the risks you have identified, analysed and assessed.
Risks 1, 2, 3 and 4 are indicative examples. They depend on the overall environment of your company.
Risk management: what to do at last?
Final risk assessment stage you need to decide "WHAT TO DO". It is time to decide on the right treatment.
By combining the likelihood and impacts, consequences, you will know determine when the risk is major, significant, medium or low.
Our advice: Conclusion
Throughout the life of your company you are and will be involved in risk management. You will constantly monitor current and emerging risks and actions to make the best possible decisions.
It will be important to communicate andinvolve the right people internally and externally for intelligent and relevant management with the right mix.
The risk management will help you to anticipate certainly and moreover to capitalise on your experiences to continuous improvement risk assessment, identification, analysis and treatment.
Risk management is a a real tool for performance and security of your business, and even your well-being. In short, don't wait until the last moment. Prepare and anticipate.
Do you want to manage your risks? Do not hesitate to call on the team of our business consultancy to help you.