What does risk management actually mean and why have it? Risk management is quite simply a process that involves identifying, assessing and judging risks and taking actions to mitigate or anticipate them. It also involves taking a structured view about the most important risks to a business, assessing their likelihood and impact and how they would be dealt with if they materialised.
I think a few examples will make it easier to relate to; construction businesses have a threat of theft from their site – a few simple ways to reduce the risk of this occurring would be to control access in and out of the site and by employing security guards.
Another example is jewellery shops; one of their threats would be internal theft, a few simple risk reduction processes would be to ensure all staff are properly vetted and screened prior to employment and to limit access to vaults and showcases with high net-worth jewels. It is important to remember all risks can never be fully avoided simply because of the financial and practical limitations. Therefore all organisations have to accept some level of residual risk, it is how you manage these risks that is the key.
Failure to manage risks stems from the inability to decide what to do and when to do it. Management of business risks is a facet of quality, by analysing and measuring them and ensuring they are properly identified, defined, classified and managed. In ideal risk management, a prioritisation process is followed whereby the risks with the greatest impact and the greatest probability of occurring are handled first and risks with lower probability and impact are handled in descending order.
I find it both extremely alarming and frustrating when I meet businesses that they don’t have any measures in place or are blissfully ignorant. One of the first questions I usually ask a client is how risk adverse they are as a business; this to me is crucial as it instantly gives me a snap-shot and basic understanding of how they conduct their operations, both from an internal and delivery aspect.
It is very common, not just in businesses but even in our personal lives, to be reactive – why do we wait for an incident to happen before we do something? In some instances this is too late, it only takes one serious incident to cripple or destroy a business. Remember, pre-emptive intervention is far less expensive and time consuming than trying to implement measures once a serious incident has occurred.