~ By Paul Bower
Risk management as a shared or centralised activity must accomplish the following tasks: identity concerns; identify risks and risk owners - evaluate the risks as to likelihood and consequences; assess the options for accommodating the risks; prioritise the risk management efforts; develop risk management plans; authorise the implementation of the risk management plans; track the risk management efforts and manage accordingly. It is possibilities that are being accommodated. It is management's job to do the planning that will accommodate the possibilities. The customer is the final judge, but internal goals should be to a higher level than customer expectations.
The key words in risk management are: proactive; management; accommodate; acceptably; professional; possibility. The need for new risk assessment and management techniques is required to continuously track down potential and critical risks, and to develop strategies for handling these risks, for example: during product development. It is obvious that without a strong risk management plan as part of the process, a company will waste time, money, and resources, and will fail to manage their projects correctly.
Risk management is the sum of all proactive management directed activities within a programme that are intended to acceptably accommodate the possibility of failures in the elements of a programme. From an organisation's perspective a failure is anything accomplished in less than a professional manner and/or with a less-than-adequate result.
Risk management options are usually cited as risk handling options subdivided as: avoidance, control, assumption, risk transfer, and knowledge and research. Generally, the assessment of management options is a hip shot since the necessary decisions must occur early in a programme when things are still fuzzy. However, if experienced personnel are given the facts, one can expect very good decisions since there is seldom any real mystery about the practicality of options available. (The practicality of any option is usually just an issue of schedule and funding.)
Avoidance: Use an alternate approach that does not have the risk. This mode is not always an option. There are programmes that deliberately involve high risks in the expectation of high gains. However, this is the most effective risk management technique if it can be applied.
Control: Controlling risks involves the development of a risk reduction plan and then tracking to the plan. The key aspect is the planning by experienced persons. The plan itself may involve parallel development programmes, etc.
Assumption: Simply accepting the risk and proceeding. However, there can be a tendency within organisations to gradually let the assumption of a risk take on the aura of a controlled risk.
Risk Transfer: Means causing another party to accept the risk, typically by contract or by hedging. Liability among construction or other contractors is often transferred this way.
Knowledge and Research: This mode is not "true" risk handling, but rather a technique for strengthening other techniques. This approach can best be viewed as an adaptation of the approach used by a student writing a thesis: intensive study with specialised testing - in other words doing your homework.
Never expect initial risk management plans to be perfect. Practice, experience, and actual loss results will dictate changes in the plan to allow different decisions to be made in dealing with the risks being faced. In order for companies to succeed in the twenty-first century, they need to excel in all aspects of their business, which includes risk management, so they can fulfil their own and their customer's goals.
Risk management is an on-going process, and is a combination of proactive management directed activities within a programme that are intended to accommodate the possibility of failures.