Risk management
What is a risk? Definition: An undesirable future event. It
is also uncertain whether it will occur, which actually includes all
future events. There are several types of risks you can consider,
including:
-
Things that are likely to happen.
-
Things that will have a big impact, should they
happen.
-
Things outside of your control. So you just have to
manage your way around them.
-
Things you know very little about, including not
knowing how likely they are to occur (in this case, you can only use
the potential impact of the risk as a guide to whether prior action is
of value).
Risk management includes:
-
Risk identification: Identifying potential
risks and prioritizing them for action. This means sorting out the
risks that are worthy of up-front action on reduction, contingencies
and/or monitoring from those that you will 'manage on the fly' (i.e.
you won't bother with them until they hit you in the face).
-
Risk reduction: Acting to reduce the
probability of targeted risks occurring and/or the impact, should they
happen. (If you're lucky, you'll be able to eliminate the risk
altogether, or possibly reduce it to a 'manage on the fly' risk.
-
Contingency planning: Where you cannot
reduce risks to 'manage on the fly' status, you may want to prepare
people, equipment, actions and processes to 'put on the shelf' in case
the risk occurs.
-
Risk monitoring: Setting up measurement and
other monitoring to spot risks coming so you have time to respond
proactively. Note that setting up process measures through risk
management is a very good way of ensuring that the things you are
measuring are the right things and will lead to actions.
The opposite of risks are opportunities, and many risk
management techniques can also be used for opportunity management.
Risk management is also called Business Risk Management (BRM),
particularly when it pays attention to strategic risks.
See also:
Risk Exposure,
Risk Reduction Leverage,
Risk Matrix, PDPC,
FMEA, FMECA,
Contingency Planning,
Business Impact Analysis (BIA)
|