A Noob's Guide to Risk Management
Updated: Apr 25, 2019
Here is a simple way to understand risk management. Forget about the textbook, standards and jargon. If you can get this, you're ready to manage risks.
The Elements of Risk
Politics - mass influences on policy shifts.
Economics - competition for wealth.
Social - way of life and equality.
Technology - new tools and methods.
Environment - biosphere. Nature's living and non-living things.
Legal - boundaries of allowable actions.
The Components of Risk
Risk - future results that you might not like.
Sources of Risk - any object or action that can cause distress.
Causes of Risk - when your control mechanisms fail to make your sources of risk behave properly.
Risk Event - a happening you can detect with your five senses or what the computer sensors tell you. And you don't like it.
Risk Consequence - the final happening that carry dollar losses.
Risk Causality - chain of risk events.
Possibility - any event that can happen.
Probability - chances of an event happening.
Impact - dollar losses itself.
Risk Appetite - how aggressive you are in pursuing risks.
Risk Tolerance - how strong is your defense and resilience.
Risk Severity - how bad is the situation relative to your tolerance.
Risk Identification - hunting down and sorting risks by component.
Risk Analysis - measuring the risks you have identified.
Risk Evaluation - deciding what to do with risk.
Risk Assessment = Risk Identification + Risk Analysis + Risk Evaluation
Risk Treatment - finding ways to reduce risk.
Innovation - exercising creative ways to treat risks. Solution must be generally accepted by stakeholders. Otherwise it is mere creativity, not innovation.
How do Risks Manifest?
Things are created to serve a purpose. People design tools, systems and structures to make them functional. Being functional means meeting their purpose without breaking down. But man-made products suffer wear and tear and impact from external factors. Eventually, a cause of risk would activate. A control fail to control. At this stage we may not realise it yet. This is because sensors are not placed at every process checkpoint at micro levels. It is impractical to do so.
Soon, one part stops to function properly and the problem spreads through the system. A person or machine detects the failure. What you have just detected is the manifestation of risk event.
Through causality principles, risk events undergo chain reactions to affect other areas. That is why we see a problem that started with a small device on a plane eventually caused the entire plane to crash.
The Most Important Features in Risk Management
For an effective risk management, you must have 5 key features in your risk model:
causality map - to allow you to chain events and visualize their spread.
probability measures - you need real statistics.
impact estimates - this helps you measure your risk management performance.
risk movement - you must know how your risks evolve. This allows you to predict problems.
innovation - you need a more formal concept and tool to solve problems, not figure things out of thin air. Brainstorming help in creative ideas. You need more than creativity to innovate.
This sums up the basics of risk management. If you understand these base concepts, you have what it takes to be a risk manager.