Absolutely everything in life carries a risk. Whether
you walk or drive, get married or stay single, go to college or go to work, you’re
taking a risk. You can’t even avoid risk by doing nothing! After all, couch potatoes run the risk of
obesity, diabetes, and high blood pressure.
Given the reality that no action or even
inaction is risk free, how do you decide whether a project or change in your
business is worth the risk?
There are really several different parts to
risk analysis. One is a simple analysis of risks, their likelihood, and their
impact should they come to pass. The second is the construction of a risk matrix to help your team visualize the relative significance of various risks. The third is a risk management plan—a review of
what it would take to mitigate the unavoidable risks inherent in your plan.
To make this a little clearer, imagine that
you are planning a corporate social event. You’ve put together a basic plan for
a picnic, outdoor games, and an evening bonfire. It should be a lot of fun, but—as with everything in life—there are risks involved.
A risk analysis will tell you that it might
rain…team members might choose not to
take part in the games…and the evening
bonfire could become an evening wildfire if not properly managed. This type of
analysis will also tell you that rain is very unlikely, as you happen to live
in a desert area, but very dry conditions mean that bonfires are quite
dangerous.
A risk matrix will help you to visualize the significance of these risks, so that you can better determine which are important enough to manage—and which can simply be avoided.
A risk management plan would almost certainly
include the selection of venue alternatives in case of rain, spirit-building
activities to raise the level of interest in games, and fun, evening
alternative activities that don’t require actual flame.
Of course, none of these analyses can be 100%
accurate: no one can judge risk with 100% certainty. Which explains, among
other things, why gambling and insurance continue to be such popular
industries! But the process of
acknowledging, identifying, and planning for risk can help you and your
business to ensure that you are hedging your bets, and planning for the long
term.
Conducting a Risk Analysis
Once you’ve identified your project, its goals,
and a group of team members with the expertise to undertake the work, you’re
ready to move forward with risk analysis. Of course, it’s great to have the
funds and time to hire an outside risk analysis expert—but, like most of us,
you may have to become that expert yourself! If that’s the case, not to worry: the process is not terribly complex.
Step 1: Identify the Risks
No one understands
risk like the people who live with it every day. Your sales force understands
the risks inherent in over or under-bidding; your marketing team understands
the risks of trying out a new and edgy type of messaging. So you’ll need to
turn to your team as you begin making your list of risks. To do this, you can
interview individual team members, run brainstorming meetings, review
evaluations of past, similar projects, or (ideally) do all three.
Step 2: Evaluate the Risks
Evaluating risks
involves coming up with scored answers for two related questions:
- How great is the probability that this problem
will occur? - If this problem should occur, how great would
the impact be on our project?
You’ll give each risk a score from 1 to 9,
with 1 being the slightest risk or the slightest impact, and 9 being the
greatest. So, for example, going back to the corporate picnic, the risk of Margaret
in Marketing forgetting to bring the potato salad is quite high (perhaps an 8),
but the impact it would have on the event is very slight (perhaps a 2). Conversely,
the risk of a major storm may be quite low, but it would have a devastating
impact.
The process of evaluating risks can be quite
complex, involving mathematical models. At the very least, it will almost
certainly involve some level of research. For your picnic, you might not want to
actually model the probable outcome of having certain events occur—but at the
very least, you’ll want to look at weather trends to see how likely it is that
you’ll experience severe storms during the afternoon.
When you’re done with your analysis, you
should have a list of risks with two numbers next to each one. It’s handy to
assign each risk a letter, so as to make it easier to chart them on the risk analysis
matrix.
Step 3: Build a Risk Analysis Matrix
A risk analysis matrix is a square chart or
graph divided into four boxes, representing severe, high, elevated, and guarded
risk. Along one axis of the graph are the numbers 1 – 9 representing frequency
of likelihood; along the other axis are the number 1 – 9 representing severity
or significance. If you like, you can color code your chart as shown. When you’ve
graphed your threats, it will become visually obvious which are the most
significant and the most likely (and vice versa).
Risk Analysis Matrix (blank chart).
Chart your risks as you would any other
information by placing the letter representing the risk on the chart where it
belongs. A risk with a likelihood of 8 and a significance of 7 would be plotted
in the red zone, meaning it is a major threat, while a risk with a likelihood
of 4 and a significance of 3 would be plotted in the blue zone meaning it is a
minor risk.
Preparing the Ground for a Risk Management Plan
With your matrix in hand, you can now clearly
see and easily share information about risks related to your planned project. This
means you’re ready to start thinking about how to manage those risks based on
their likelihood and severity.
There are really only a few basic ways to
manage risk, no matter what your business or the risks you’re envisioning. You’ll
choose the style of risk management based on the type of risk you’re facing. Here,
according to the Association for Project Management ,
are your options:
- Remove: Any risk that can be easily removed
from your project should be removed from your project. In the case of the
corporate picnic, it makes sense to just say no to a bonfire. - Reduce: Many risks can be reduced by taking
relative low cost, simple actions before getting started. For example, if one
of your risks involved negative responses from upper management, an easy way to
reduce the risk might be to involve upper management in early brainstorming and
decision-making. - Avoid: What
will you do if this problem arises? What
is your “Plan B?” In the case of the
picnic, a great option for avoiding a weather-related risk is to have an indoor
venue available. - Transfer: Can someone else take responsibility for your
risk? For example, if you hired an
outside firm to set up your picnic, you can also ask them to think through and
offer acceptable options given the risk of rain. - Accept: Some risks are worth taking. Would you
risk being embarrassed if offered the opportunity to make the graduation speech
at your alma mater? Chances are you’d
say “yes,” and accept the possibility that your mind might go blank at the
microphone. Some risks, on the other hand, are so slight that you can easily
adjust to managing them. Having no potato salad is such a risk. Sure, Margaret
might forget to bring it, but—so what?
Understanding your options, you can now—with
or without the help of counsel or your team members—go through your risk
matrix and assign appropriate responses to each item.
Creating Your Risk Management Plan
Your risk management plan is a document
based on all the work you’ve done so far, which includes your matrix and your
assignment of strategies for each risk. Where the strategy involves more than
simple acceptance, you’ll need to work with stakeholders to determine the best
course of action should the risk become a reality.
This document should be read, revised, and
approved by your team members and any other stakeholders, so that you are all
on the same page regarding the best course of action in each situation. With
your risk management plan approved, you’ll be ready to mitigate or avoid many
risks. Perhaps more importantly, you’ll have a “Plan B” in hand in the event
that significant risks become real problems.
A risk management plan becomes, in essence,
insurance against a wide range of possibilities. How useful is it? According to NASA, a well-designed risk
management strategy has been a major tool for ensuring the success of many high
profile missions such as the repair of the Hubble Telescope. According to a
Case Study document describing risk management at NASA ,
the matrix created for space-related projects was more complex than most, as
some projects involve multi-billion dollar budgets and international scrutiny
while others are almost invisible to the public. The outcome, however, was well
worth the work:
The establishment of the risk level early in the program/project
provides the basis for program and project managers to develop and implement
appropriate mission assurance and risk management strategies and requirements
and to effectively communicate the acceptable level of risk. The document sets
the stage for the project execution addressing a myriad of requirements governing
parts, material design –single point failures, analysis, software, verification
testing, quality assurance, reviews, and risk acceptance level.
Of course, unless you’re working for SpaceX,
it’s unlikely that your risks will include the loss of a major satellite or the
failure to rescue a multi-billion dollar space telescope. But the type of risk
you incur is really beside the point. Your business is as important to you and
your co-workers as a rocket to Mars maybe for NASA. The loss of a major product, client, or project could be fatal to
your corporation. A risk management analysis and plan has the power to ensure
that you’re never risking more than you can afford to lose.
沒有留言:
張貼留言