As is the case with many things you will find that there are various Risk Management levels. From Oblivious to Optimized risk can be a significant problem and NRM expertise along with Flow Engineering can help. Initially people tend to be risk oblivious and just plow forward until a risk surfaces. Ideally, we learn something from that experience and move on. Over time we become more aware of risks and then may have to make some tough choices to make. At one end of the spectrum there is risk awareness and acceptance.
At the other extreme there is a well-orchestrated risk management effort that is fully aware, actively managed and is optimized to cope with risks. Here in this article, we want to explore this continuum and help you determine where you are and what next steps should be.
Risk Oblivious
Hmmm this should require no explanation but what the heck. If you are Risk Oblivious then you have no idea at all of the risks that you might be facing. I suppose simply reading this helps you realize there is risk everywhere and are now at least Risk Aware.
Risk Awareness
Risk Awareness is perhaps the first step of any Risk Management effort. Being one step up from oblivious you now know there are at least some risks involved.
Only after you realize that there is risk do you begin to ponder the prospect of doing what you can to reduce or minimize it. As such you aim to manage that risk and fortunately there are several ways to do this, and as you may guess Nimble Risk Management can help get you started.
Risk Awareness is a good start toward managing risk, but Acceptance may be the final destination for managing some elements of risk. Once you know about and can quantify risks you might find that some are unavoidable or even acceptable. These might be beyond your control or be too invasive or too expensive or too unlikely or obscure to act on. These risks may be good to know about and to track but for now they may represent situations that you can live with after making them known and deciding they are acceptable.
Risk Avoidance
You don’t have to squint too hard to see that Risk Avoidance might be the digital equivalent of crossing your fingers and hoping that known risks just don’t happen. This would only be a slight improvement over Risk Oblivious, but you may have opted to not think too hard about it and are not planning to do anything about your known risks. That squint quickly turns into a stink-eye thought when you are faced with a real crippling problem that was known and could have been avoided.
Risk Acceptance
With Risk Acceptance you at least have thought through some about potential problems you could face. As such you likely have some idea of what could happen regarding risks but have deliberately opted to not take any action at this time. This stance may not apply to all known risks and instead applies only to the ones that you think you could tolerate or endure or recover from fairly well. This might be fine but hard to say.
Active Risk Management
Here is where things start to get serious as by now you have likely have dealt with a few risks already. You have a part time champion assigned who knows that risk is both knowable and manageable and that some level of proactivity is advisable. You have a frequent review of risks and actively track them. Chances are you even conduct Root Cause Analysis (or RCA) as needed when a new project is started or new a new challenge is encountered.
Optimized Risk Management
Here you have a more formalized rhythm and ritual toward dealing with risk. You now have a dedicated Risk Manager to champion this effort. This person has formed a community of practice around risk and got things rolling. This group is dedicating regular effort to risk management and are passionate about chasing out risks or at least ensuring the impact is minimized. They review risk, revise remediation, monitor metrics and continually learn and explore new threats. As with any form of continuous improvement effort, risks evolve and can never be fully eliminated.
Some stats involving Risk Management
- Poor data quality was considered to be greatest data related risk by 58% of risk executives.
- Data protection and privacy is a high priority according to 61% of risk executives.
- Of Financial leaders 65% indicate that the complexity of corporate risks has increased significantly over the last 5 years.
Links
Next Steps
NRM can help to identify your business risks and then produce and inventory that can lead to action. Beyond that we can help build a formal program paired with Flow Engineering to make such improvements a part of normal rhythm of business with minimal friction and disruption.
Recognizing that there are risks and that you may need help is an important first step. From there you can decide the appropriate actions for each one which could include accept the risk for now.