Risk Management: It pays to spend time dwelling on the dark side
Is your organisation prepared for any risk, whether large or small, imminent or eventual, avoidable or not? The time and effort put into “exploring the dark side” and developing a solid risk management framework will pay off, making your organisation well-equipped to navigate an uncertain future.
FUTURE PROOF – BLOG BY FUTURES PLATFORM
Not long ago, worst-case-scenario merchandise was flying off the shelves, and survival-chic was the fashion trend. While many cavalierly believed they were prepared for the worst, the highly predictable Covid-19 pandemic arrived right on cue and caught the vast majority of organisations completely off guard. However, properly constructed and maintained risk mitigation and management programmes allowed some to escape the more dire outcomes.
WHAT IS RISK MANAGEMENT?
Risk management is defined as the overall means for attempting to control future outcomes as much as possible by acting proactively rather than reactively. Think of it as doomscrolling with a process and purpose – planning for the worst possible situations helps ensure the survival of the best-prepared organisations. A carefully built risk management framework is layered and flexible enough, allowing the organisation to meet both short- and long-term needs.
Each industry, and indeed each organisation, has a unique collection of risks that needs to be factored into a risk management framework. This framework typically follows a circular process: identifying potential risks, assessing them, determining control measures to manage them, and regularly reviewing risks through continuous monitoring.
Key steps in a risk management framework
Now, let’s walk through the key steps of the risk management process using an example business of an online retailer.
IDENTIFY POTENTIAL RISKS
Brainstorming is an effective way to determine the risks an organisation faces. Every member of the organisation, from the board of directors and CEO to newly onboarded interns, should be part of this process, because each individual will have a different view of what’s important based on where they sit within the organisation.
Example of risk management: Online retailer
Management (the CEO) is likely to paint risk scenarios with the broadest brush – the buck stops at their desk, after all. But an IT staff member will know the specific vulnerabilities of the site design and what it could and could not handle if there were a significant uptick in product offerings or site traffic. And a customer service representative will know what’s bothering customers – from incorrectly filled orders to unreliable deliveries, or even disappointment with products; the potential hazards are extensive.
Note: This type of brainstorming is a unique ask to make of staff, as typically, these types of activities have a positive focus, such as solving a problem or improving productivity or efficiencies. So, beware that asking staff to wallow in pessimism may trigger some suspicions or concerns that jobs are in danger, and make sure everyone knows that thinking about worst-case scenarios now, while sobering or even morbid, is exactly what’s needed to help prevent the worst from occurring if an identified risk becomes a reality.
2. ASSESS THE IDENTIFIED RISKS
The next step in the risk management process is to assess both the likelihood of each identified risk and the category of risk each one belongs to:
Preventable risks are almost exclusively internal to an organisation, and therefore best addressed through effective policies and by establishing behavioural norms for employee interactions with customers, business partners, and up and down the internal ranks.
Strategy risks are mostly within-industry issues related to competition and the timing and pace of growth for an organisation.
External risks are often issues covered by (or excluded from) insurance policies, such as natural disasters, shifts in government, or extreme economic or market fluctuations.
Example of risk management: Online retailer
The team has generated a list of risks ranging in severity and frequency, from shrinkage due to employee theft to “the big one” that takes down the site’s servers, which are located on the West Coast of the US. The team determines that shrinkage is a preventable risk. Most of the team works remotely, which limits potential employee theft of products within the company’s fulfilment centres. The site servers being extremely compromised or taken out by a major earthquake most definitely falls under the category of external risk: unpredictable and completely outside the company’s control.
3. CONTROL THE RISK
Once you assess the category, likelihood and potential impact of the identified risks, determine control methods on how to manage them. Depending on your appetite for risk-taking, you will develop a plan to control each individual risk or each category of risk through one of three risk management strategies:
Avoidance – eliminate the risk because it is almost entirely within the organisation’s control to do so
Mitigation – decrease the potential financial impacts by striving to lessen the likelihood of the risk occurring
Acceptance – another form of risk mitigation for occurrences that are the least predictable and potentially catastrophic
Example of risk management: Online retailer
The company determines that the control measure for the preventable risk of shrinkage is avoidance through the implementation of appropriate human resources measures, such as background checks, inventory auditing protocols and internal security systems. As for the issue of the site servers being located in an earthquake-prone zone, the company accepts this as an unpredictable and potentially catastrophic risk, so it begins work on establishing backup servers in other areas and looking into working with external service providers to ensure secondary and tertiary backup systems are in place should the main servers go down.
4. KEEP MONITORING FOR NEW RISKS AND CHANGES
Lather, rinse, repeat: set up a dynamic, flexible system for risk monitoring and a robust review cadence. Nothing is static, and risks will evolve, shifting positions or falling off the list entirely as new risks appear on the horizon.
When conducting continuous risk monitoring, it's important to stay updated on relevant industry, technology, and global trends. This process also greatly benefits from scenario planning, which allows your organisation to explore how identified risks may evolve in the future and develop risk management strategies for a range of different scenarios.
Example of risk management: Online retailer
As a relatively new and rapidly evolving industry, online retail is best served by frequently reviewing and revising risk management needs, tools and strategies. This example business, like many in the online retail industry, was just getting off the ground when the Covid-19 pandemic hit, which paradoxically created new, unforeseen problems as the business surged with shoppers pivoting to online purchasing. These included leased office space sitting empty, having to set up employees for remote work and a whole new level of health and safety requirements for warehouse staff.
Keep your toolbox well stocked and your risk management tools sharp with Futures Platform
Our digital foresight platform is packed with insights on emerging trends and future scenarios across industries to help you identify risks and strategic blind spots before they impact the bottom line.
