4th Jan 10
Tom
- Image via Wikipedia
It’s been a while… Let’s get back to basics of the risk management process.
.
We’ve covered the first two steps – identifying risks and evaluating them. You now have a great list of your risks and opportunities, in order of their potential impact on your business, but your work isn’t done yet. Having the list helps you anticipate which risk may have the biggest impact on your business, but if the risk becomes reality you will still be reacting to it during a potentially stressful situation.
.
Since clear, thoughtful thinking is difficult during a crisis, let’s do some thinking now about what we would do. This exercise is called risk mitigation planning. Believe it or not, this is the fun part of risk management.
.
Risks can be mitigated (i.e. made less severe or alleviated) in several different ways. You can mitigate risk by:
- Avoiding it in the first place (the obvious preference)
- Reducing the risk’s impact when it occurs
- Transferring the risk and its impact to somebody else (e.g. through the use of insurance, warranties, etc.).
.
For each risk, write down what steps you will take to mitigate that particular risk. How will you recognize the risk becoming reality (is there a measurement you can use)? At what point will you take mitigating action? What actions will you take? How will you know when you have succeeded? The mitigation plan is where you will realize the greatest value of your risk management efforts. You are now prepared for the most important risks to your business and have a plan for dealing with them if and when they occur.
.
I think there is a tendency to over think risk mitigation sometimes or at least make the planned mitigation more complex than it needs to be. Don’t fall in to the trap of making your plan overly complicated. Many times employee awareness or training will be just as effective as some fancy software – and a whole lot cheaper!
.
Let’s talk about how mitigation planning works for opportunities. During the sensitivity analysis, you created a rank order list of opportunities. Now is the time to plan on how you can realize some of those opportunities and reap their benefits. Write down the steps you will take to make the opportunities realities. What actions will you take? How will you know when you’ve succeeded?
.
Opportunities are exciting! Planning for opportunities is fun! Now you can have some fun and transform the opportunities into results. Effectively executing your plans for your opportunities many times will offset the cost of the risk managment process or even pay for it completely. Don’t pass up the opportunity (pun intended 
)!
.
Robert F. Kennedy once wrote: “Only those who dare to fail greatly can ever achieve greatly.” Dare to manage your risks. I’ve got your back - so don’t worry about failing greatly - let’s achieve greatly. OK? Thoughts?
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_b.png?x-id=63d999d5-5559-42b2-b5b1-3f74a515a9b8)
RSS
Janice Gaines
January 6th, 2010 at 13:48
Is anyone else here reading “I.T. WARS”? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of a “business-technology weave.” It has great chapters on security, risk, project management, content management, acceptable use, disaster recovery (rebranded as disaster awareness, preparedness and recovery), policies, and so on. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).
Tom
January 6th, 2010 at 20:49
Thanks for the recommendation, Janice. I haven’t read it, but I’ll take a look at the interview. Has anyone else read it?