LEADING WAYS NEWSLETTER # 49

Practical Risk Management

Speaker Tip of the Month
MEMORABLE PRESENTERS know that knowledge is generic.
Audiences want your opinions and practical experiences.
Consider your last presentation…. Did you sound like a text book, or did you give your audience real value by sharing your war stories?

On to Leading Ways and Practical Risk Management.

A risk is defined as ::
"an uncertain event or condition that,if it occurs, has a positive or negative effect on the business.

Risk management is about identifying, monitoring and limiting risks. In some cases an acceptable risk may be near zero, but in other [non mission-critical] situations higher risks may be tolerated. My approach is for low-cost, but effective plans.

Risks can come from accidents, natural causes and disasters. Risk Management entails organizing activity to manage the uncertainty and threats. It involves people following procedures and using tools in order to follow risk-management procedures.

1. Identification of risk in selected areas of your business.
2. Planning and Mapping out :
          the scope of risk management
          the identity and objectives of stakeholders, and
          the basis upon which risks will be evaluated.
3. Defining a framework for the activity and an agenda for risk identification.
4. Developing an analysis of mission-critical risks.
5. Mitigation of risks using available technological, human and organizational resources.
Long words, so the remainder of this article is to reduce it to the practical.

 Risk management
Risk management is to identify and mitigate risks critical to your business continuing. Identified risks must be assessed as to their potential severity of loss to your business, and to the probability of their occurrence.

These qualities can be either simple to measure, or impossible to know for sure, in the case of the probability of an unlikely event occurring. In the assessment process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of your risk management plan.
Your process should include ::

1. Identifying assets, whether they be people, raw materials, power, inventory, machinery or buildings, and identifying those which are most critical to your business continuity.
2. For each, identifying, characterizing, and assessing all likely threats.
3. Determining the risk i.e. the expected consequences.
4. Identify ways to reduce those risks.
5. Prioritizing risk reduction measures, based on an overall strategy.

Once risks have been identified and assessed, all techniques to manage them fall into one or more of these four major categories:
· Avoidance (eliminate)
· Reduction (mitigate)
· Transfer (outsource or insure)
· Retention (accept and budget)

Avoidance may seem like the answer to all risks, but avoiding ALL risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed.
For example, not starting a business to avoid the risk of loss, also avoids the possibility of earning profits.

Risk reduction involves methods that reduce the severity of the loss or the likelihood of the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire. Around computers this method may cause a greater loss by water damage and therefore may not be suitable. As an alternative Halon fire suppression systems may mitigate that risk, but be cost prohibitive.

Risk Transfer – typically by way of insurance.

Risk retention Involves accepting the loss when it occurs. True self insurance falls in this category. Risk retention is an alternative for small risks where the cost of insuring against the risk would be greater over time, than the total losses sustained.

All risks that are not avoided or transferred are retained, by default. This includes risks that are so large or catastrophic that they either cannot be insured against or the high cost of premiums would be impracticable.

So now that we understand Avoidance, Reduction, Transfer or Retention, our starting point is to develop a Risk-Management Plan.

Risk management is simply the practice of systematically selecting cost-effective approaches for minimizing the effect of unplanned events to your business.

One of the key risk management tools is in the development of a Business Continuity Plan.
Business Continuity Planning (BCP) was invented to deal with the consequences of residual risks. i.e., "If this event occurred what would my failover-solution be in order to stay in business?"
Risk management also proposes controls for all risks. These are checks and balances to minimize the likelihood of an unplanned event occurring. Therefore, risk management covers several areas that are vital for the BCP process.
However, the BCP process goes beyond risk management's preventative approach, and moves to the next level on the assumption that the disaster will occur at some point.
Identify the events which should be included in your Risk Management Plan.

These may include :
Mission Critical Y/N

1. Power outage, or brown-out.
2. Water supply interruption
3. Failure of key piece of production equipment
4. Raw materials shipment delayed 30 days
5. Shipping strike
6. Pandemic
7. Owner or CEO long-term disability or death
8. Resignation of financial controller
9. Computer failure
10. Loss of customer (more than 10% of your business) etc…

Establish a Risk Matrix for your business. It is a tool used in the Risk Assessment process, and allows the severity of the risk of an event occurring to be determined.

Consequences can be defined as:
· Catastrophic – Business failure, fire, major client losses; or death
· Critical – Production interruption, person performing critical tasks, raw materials interruption, exchange rate fluctuation; or injury
· Marginal – temporary interruption to your business or business processes – typically 8 -124 hours
· Negligible – impact to your business lasting less than eight hours. Injury
The Probability is identified as 'Certain', 'Likely', 'Possible', 'Unlikely' and 'Rare'.

The next step is to calculate what levels of Risk you can handle in relation to certain events. This would be done by weighing up the risk of an event occurring against the cost to, for example, provide a fail-over solution; and the benefit from the failover solution should that situation occur.

Example
The risk of newspaper production being interrupted should there be a power brownout in the city::
Standby generators may cost $500k.
The loss of advertising revenue per day could be $350K.
Probability of power brownouts exceeding one or two days per year = 65%

Sound judgment would tell you to go ahead with generator installation, or be in a position to use printing presses in another locations, and ship newspapers back to the effected city.

Other examples include::

Moving on to your basic Risk Management Plan
It should at least include those matters which you deem to be Mission-Critical.
1. Having identified your mission-critical risks,
2. Determined the probability that the event will occur, and
3. Identified the consequences if the event does occur.
Now, complete your Risk Management Plan.

Business is all about risk, now that you have minimized yours, continue the exciting journey!

Have a great week
Denis Orme
027-472-8610
www.leader-success.com

Preventing Project Derailments…
Email me for a copy of this new article, or to arrange a presentation ::: denis.orme@yahoo.com