Risk management: the basics of a complex process
Risk is generally regarded as an element or situation to be avoided, due to its negative impact component. However, risk simply refers to the uncertainty of the outcome an event can generate. In this sense, risk can have positive, as well as negative results. Nonetheless, because it is an area with a certain degree of mystery, risk management is, therefore, not to be overlooked or underestimated.
When a risk factor interferes with an organization, it changes its path towards achieving its mission, by either placing an obstacle on this path, or by helping it reach its mission faster. As such, taking a risk simply means doing things in a manner that differs from the usual one.
The right moment to take a risk, though, is hard to pin down as it is a combination between opportunity, progress and risk. Furthermore, not taking a risk at the right moment can be considered a risk in itself, as it represents the failure to take advantage of an opportunity, or a loss of progress which might have brought upon a better future.
It’s no secret that maintaining the status quo in an organization will, eventually, bring its end, as it slips further away from the ever-changing present trends.
But then the question raises: How can you measure with precision something that is not easily translated into numbers? Risk management programs may be tedious to compile and keep track of, but the gains obtained afterwards represent the basis to organizational evolution and progress.
The basics of risk
The first approach to a program designed to control and manage risks is to know the basic concepts it entails, namely risk, risk management and risk assessment program.
Risk – Thigpen et al. (2008) define it as a triggering factor that, through its consequences, alters the course of an organization towards achieving its mission. This alteration can be either positive, negative, or even both;
Risk management – The DHS Risk Lexicon understands this concept as “a process for identifying, analyzing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any action taken;
Risk management program – “A disciplined approach to assessing risk, implementing strategies to manage risks, and evaluate the effectiveness of these measures on an ongoing basis,” as defined by Thigpen et al. (2008).
The basics of a risk management
Once any trace of confusion regarding risk-related concepts has been removed, we can move forward to sketching the minimal necessaire for managing risk in any organization. As enlisted in the study “Managing risk in jails,” by Thigpen et al., the most basic documents any organization should possess, as far as risk management goes, are:
- Written policies and procedures;
- Personnel policies;
- Staff training programs;
- Personnel classification process;
- Security & communications systems;
- Provisions for fire safety & emergency response;
- Services to meet staff basic needs;
- Provisions for facility maintenance & sanitation.
Naturally, the type of documents presented above are, as mentioned, a minimum necessaire and thy may be regarded as a starting point to a more serious risk management program within the organization.
The basics of a risk management program:
Creating a program designed to manage risk represents the first systematic and organized approach to taking control of something that is, by its nature, unpredictable, uncontrollable and, often enough, unknown. Such a program can provide premature signals of warning, in case any dangers lurk around the organization or, on a more positive spectrum, it can draw attention to the right moment to seize an opportunity for change and development, which are both considered risks themselves.
The steps to creating a risk management program, briefly presented by the above-mentioned authors are:
- Define the risk;
- Explore the implications of that risk;
- Identify the costs (direct & indirect, together with the consequences of failing);
- Describe positive consequences of effectively managing risk;
- Generate a framework to identify, assess & manage risks;
- Describe the implementation of risk management strategies;
- Present common approaches that that engage all staff in the process;
- Analyze sources of risk & factors that contribute to risk events;
- Presents sample worksheets to identify, analyze & prioritize risks;
- Identify risk management organizations & resources available to help the own organization.
The reality, however, is that risk remains an integrated component of our lives and our decisions, and it will never be completely eliminated, no matter how thorough a program is, nor should it be. Risk is inherent to progress, and progress is crucial not only to any organization’s survival, but to every living person. The real goal, however, is to minimize the negative consequences of risk while maximizing the positive ones, altogether in a disciplined, systematical approach.
- Thigpen, M., L., Beauclair, T., J., Hutchinson V., A., Barbee, J., T. (2008), Managing risk in jail, The National Institute of Corrections
- Homeland Security (2011), Risk management fundamentals. Homeland security risk management doctrine
- Homeland Security (2010), DHS Risk Lexicon