Thankfully, not every bad thing that could happen does happen. And for many of the things that put us at risk, there are ways to minimize our vulnerability to them.
What is a risk?
In short, a risk is anything that has the possibility of a negative outcome. The two basic components of a risk are probability and impact where the value for probability is greater than 0% but less than 100%. (If the probability is 100%, it is no longer a risk, but a problem.) The impact or consequence of a risk may be low, medium or high. When we account for both probability and impact together, this is referred to as the exposure for that risk. For example, a risk with high probability and high impact, would also have high exposure, whereas a risk with low probability and low impact, would have a low exposure.
Here’s an example of a simple risk exposure matrix:
Just as we encounter risks each day, we also effectively manage many of them on automatic pilot. When I was a youngster, my mother taught me to stop and look both ways before crossing the street. I no longer think consciously about this, yet I perform the risk management ritual with great consistency. The outcome would still be bad if I were hit by a passing car, however my habit dramatically reduces the likelihood of it happening!
There are, however, many kinds of risks for which we have not developed an automatic habit of handling. Those kinds of risks require conscious thought and effort to deal with effectively.
Failing to deal with a risk does not mean we are free from its consequences. It merely means we are accepting the risk, either by explicit choice, or implicitly by ignoring it. In such cases we have done nothing at all to reduce our exposure to the risk and the consequences it may heap upon us. In other words, we’re allowing these risks to manage us.
Basic Steps in Risk Management
The basic steps in risk management are to identify, analyze, prioritize, and manage the risks. Whether you’re a leader in business or dealing with a significant personal matter, the same essential steps apply.
- Identify – Determine the undesirable things that may happen, and the consequences if they do happen.
- Analyze – Assign a probability and level of impact for each risk. Then use the probability and impact to determine the overall exposure for that risk.
- Prioritize – Decide which risks you will actively manage based on your analysis. Leave some room to factor in your professional or personal judgement as well.
- Manage – Some of the keys in managing risks are mitigation plans, contingency plans, and routine monitoring.
Mitigation plans are designed to reduce the likelihood (probability) of a risk occurring, or reduce the impact if it does. In other words, a mitigation plan is intended to reduce our overall exposure to the risk.
Contingency plans are different from mitigation plans in that they account for what we’ll do in case the risk becomes a reality. A contingency plan is what we implement if the risk turns into a problem and the bad stuff happens.
Both high and low priority risks should be monitored routinely in case anything changes.
In any endeavors of significance, the value of risk management cannot be overstated. Identifying and managing relevant risks will help leaders, teams, and you personally to operate more effectively, better meet your goals, and reduce stress!