Risk Assessment and Management
October 18, 2017 - Today, more than ever before, risk assessment and management are critical functions in every organization. We've said before that you cannot plan for every contingency, but you should be aware of the most critical risks facing your organization. Since you created your business continuity plan, have you reviewed and updated the risks you face? No? Review these articles to help you reconsider whether you've covered everything you should.
Companies need to stop thinking of risk management as primarily a regulatory issue and to reconceive risk management as a value-creating activity that is an essential component of the strategic debate inside the company. The goal of that discussion should not be to eliminate risk, or even to minimize it, but to use it to create competitive advantage. And doing that effectively depends upon a far more dynamic interaction between risk management experts and the line organization.
Low-probability, high-impact events are something that most individuals and organizations would rather ignore. After all, chances are it won't happen to you. Serious workplace violence events, active shooter incidents, and other unsavory threats are on the rise but it's easier to assume it will happen to someone else. We don't want to think about our own mortality or that of our organizations. Instead, we hope it won't happen to us, to our employees, to our customers, or to our communities.
Nonprofit missions are potentially bolstered --- and threatened --- by risk. When you decide to take a mission-advancing risk, wonderful outcomes as well as costly unintended consequences are possible. A growing number of nonprofit leaders are comfortable and accustomed to weighing the potential "what ifs" that lurk in the background of routine decisions as well as bold moves. There is a dramatic evolution of board interest in risk, accompanied by a sincere desire to provide proper oversight of risk-taking and risk management.
Standard risk equations use probability and impact to calculate the extent of a particular risk, often displaying the result in a risk matrix. However, such an approach neglects two important aspects from an organizational perspective: resilience and incident response. To rectify this the author proposes a new equation that allows for risk to be easily understood especially when it comes to the level of incident response required to address an event. It also assists in the assessment process as to the critical areas to focus on in today's constantly changing threat landscape.
Over the past several years, psychologists, behavioral scientists and academics have helped to advance our understanding of human psychology and, specifically, how humans respond to high-risk and crisis situations. This research has highlighted how a lack of pre-crisis training and preparation may exacerbate risk and cause unnecessary errors during times of stress and uncertainty. The good news is that these experts can also help us better understand the best ways for businesses to help individuals prepare and train for such situations so they can contribute positively to the risk management and crisis mitigation process.
Effective risk management doesn't function in a vacuum and rarely survives a leadership failure. The risk management function can review, inform, advise, monitor, measure and even resign. It cannot control, decide or abort; that's management's job. Without an effective internal environment in place to ensure that adequate attention is given to protecting enterprise value, entrepreneurial behavior can run amok, completely unbridled and without boundaries or constraints.
Copyright (C) 2017 Attainium Corp - All rights reserved.