• Evaluate Your Risks, Part I – Why?

      5 comments
      27th Nov 09
      Tom

    As you recall, the 3 steps of business risk management are:

    1. Identify your risks
    2. Evaluate your risks
    3. Plan for your risks

    I’ve written a couple of posts (here and here) about the first step – identifying risks and creating your risk inventory (list of risks and opportunities). I’ve also written about the related topic of identifying your opportunities. It hasn’t been an exhaustive tutorial, but hopefully there has been enough information presented to help you gain a basic understanding of how to get started.

    .

    Now let’s start talking about evaluating the risks. (Note: Whenever I write “risks” in this post, I am also referring to opportunities. They are evaluated in exactly the same way.) In this post I’m going to describe what results from the risk evaluation exercise. The next post will get into the specific actions involved in the evaluation.

    .

    Why Evaluate Risks?

    The risk evaluation yields several important results. When you are done, you will have

    1. A prioritized list of your risks and opportunities
    2. An estimated amount of contingency funding required to cover the most important risks to your business
    3. An understanding of how sensitive your business is to each of the most important risks.

    The most important output is the prioritized list, but the contingency funding level and sensitivity analysis provide very useful information. If you have to cut corners stop after #1, but I would encourage you to work towards implementing all three evaluation steps.

    .

    Prioritize Risks and Opportunities

    The first step of risk evaluation is to create a prioritized list of your risks and opportunities. We will accomplish this by estimating the probability of each risk’s occurrence and estimating the potential impact of each risk if it does occur. You will be able to sort your risk inventory in order of probability (the risks most likely to occur at the top) or in order of potential impact (the risks with the largest potential impact at the top). You may want to focus on the most probable risks or the risks with the largest potential impact – it’s your call. Or maybe you’ll want to look at it both ways. (This is where the advantage of a computer spreadsheet or risk management software comes in to play. A spreadsheet gives you the freedom to slice and dice the data in many different ways.) Now you can focus on just the few most important risks when we move into Risk Management Step #3: Planning For Your Risks.

    .

    Estimate Contingency Funding Requirements

    If you have financial models available that allow you to generate some realistic potential impact values, risk evaluation will allow you to calculate the amount of contingency funding needed to cover your most important risks. The contingency funding will be based on the concept of “probable impact”. Probable impact is calculated by multiplying the risk’s probability by its potential impact. It is a way to mathematically estimate how much money should be set aside to cover uncertain events.

    .

    Here is how it works. We have a risk with a potential impact of $100,000. That means if the risk occurs (100% probable, right? – it is occurring), the impact on the business is $100,000. But what if the risk’s probability is only 50% – how much should I set aside to cover it? The conservative answer is $100,000, but that’s a lot of money to set aside for only a 50% chance of needing it. Using the probable impact calculation, we would put aside $50,000 (50% x $100,000). Granted, we’ll have some trouble if the risk occurs but not as much as if we hadn’t set anything aside. And remember that we have a list of risks, each with their own probability. Some will occur, some won’t, so at any given point you will have ‘extra’ money set aside that you can draw from. If you keep your risk inventory and evaluations current, you will have a real time estimate of contingency funding necessary to cover those risks you consider most important.

    .

    Analyze Sensitivity

    The sensitivity analysis portion of risk evaluation requires some sort of financial model to test scenarios using your most important risks. Sensitivity analysis helps you understand how sensitive your business is to a particular risk. For example, you have identified a risk that material costs may be $10 per unit higher than planned. You have estimated that the potential impact of the higher material cost risk is $25,000. But your $10 estimate is just that – an estimate. What if the actual material costs are only $5 higher than planned? or $15 higher than planned? Does the risk’s potential impact change a lot or a little?You will find that your business is more sensitive to some risks than others. Sensitivity analysis allows you to identify risks whose potential impacts change more drastically as you move away from your assumed value. It’s definitely a more advanced aspect of risk management that helps you manage your risks more efficiently.

    .

    Those are the three outputs of a thorough risk evaluation. The concepts can be a little confusing at first (especially the last 2), but give it some time to sink in. The next post will cover more of the step-by-step, how-to details. In the meantime I would love to hear your questions, comments or complaints if I’ve completely lost you.

      How to, Risk Management
      , , , , ,

    Write a comment




Get Adobe Flash playerPlugin by wpburn.com wordpress themes