Effective Risk Management Strategies
By Francis Liska
When evaluating technology solutions, it is important not to lose sight of risks that may prevent your organization from achieving its business goals. On reflection, it is not hard to come up with examples. Perhaps lack of adequate back-up strategies could lead to a loss of data. A hosted or cloud solution may provide some indication that you can get your data back if you leave the service provider, but it might not be in an easily useable format, perhaps putting your business at jeopardy. A vendor may not have a long well established track record, possibly raising concerns about its stability.
Quite often it is challenging for small and medium size organizations to get a handle on the risks they face and as a result risk management is overlooked. As a start, consider your key objectives and ask questions including what can go wrong, how can problems happen and why could they occur. By looking at your options through this lens, you can begin to get a reasonable perspective on the risks you should be concerned with.
Usually no one individual has a full perspective of the risks that could impact your organization. As such, it is necessary to ensure that you include all those who have relevant knowledge of risks that could impact your business as you complete your risk analysis. Completion of a strengths, weaknesses, opportunities and threats (SWOT) analysis relevant to the technology option under consideration may be helpful to identify risks that could impact your organization.
Typically it is not possible to address all risks that have been identified. Risk analysis serves to identify which risks can have a greater impact than others. Risk analysis involves combining the impact of an event with the likelihood of the event occurring using the risk analysis equation which is Risk = Consequence x Likelihood. You may want to rank the impact of a risk as significant, major or minor and rank the likelihood of occurrence as high, medium or low and document your risks in a risk matrix.
Completing this exercise will help you to identify those risks that are more likely to occur and those which may have a greater impact, and help you make decisions about committing resources and effort to manage specific risks.
After risks have been identified and analyzed, the focus shifts to risk treatment. There are various strategies to consider. Risks can be avoided by not proceeding with the activity to which a risk relates. However, such an approach can lead to missed opportunities and elevation of other risks. The likelihood of occurrence could be reduced, perhaps for example by selecting solution vendors with a well-established track record. The consequences related to a risk could be reduced. For example, reasonable assurance could be obtained that data from a hosted or cloud solution provider would be available in an easily useable format if you leave the solution provider. Risks can be shared. A common example of how risks can be shared is through insurance. A firm providing professional advisory services may wish to share risk by acquiring errors and omissions insurance. Finally a decision may be made to retain exposure to certain risks if the exposure is at an acceptable level. Overall, the treatment approach for any specific risk requires a cost benefit analysis to determine the extent to which the cost of treating a potential risk is justified.
Risk management has significant business benefits. Examples include greater potential to achieve goals and objectives, reduced exposure to litigation and non-compliance with legal obligations, enhanced relationships with external stakeholders, and greater likelihood of operating within prescribed budgets.
The Risk Management Standard prepared by a team from three major risk management organizations in the UK, The Institute of Risk Management, The Association of Insurance and Risk Managers, and The National Forum for Risk Management in the Public Sector, is a very good resource for more detailed guidance and direction on risk management strategies.
About the author:
Francis Liska, of the OTUS Group, has a passion for learning and sharing ideas. He is a strategic thinker who excels at carefully considering alternative scenarios to find solutions in a world of seeming complexity. Francis is an owner of OTUS Group, a firm of business advisors dedicated to making businesses stronger. Francis has a blog: Business Perspectives.