Risk management – a complicated skill that requires outside assistance or a simple business process that can easily be carried outby those who know the organisation best? The consultant in me wants to say it’s the former – but the reality is that the latter applies.Organisations are often overawed by the notion of identifying risks,assessing likelihood and consequence and then coming up with a risk level before developing treatments. It needn’t be this complicated however.
So how does an organisation effectively manage its risk? The answeris simple – just ask a number of questions.
The first question to ask is: what do we do? Understanding the organisation and its activities will set an excellent foundation for the risk management process.
The next question to ask for each activity is simple – what can go wrong? Let’s take the case of a take away food outlet. One of its activities is cooking food. One of the things that can go wrong (risk) is:“Member of staff burnt by hot oil”.
Once we have identified the things that can go wrong the next question to ask is: what will cause it to go wrong? This is actually one of the most important parts of the risk management process. By identifying what would cause the event to occur, the opportunity exists to implement controls that would prevent the event occurring (reduce Likelihood). In the example above, some of the causes may include: lackof training, lack of skills and experience of the operator, item drops into oil and oil too hot (just to name a few).
Once we understand the causes the next question to ask is: what would happen if it did go wrong? Identifying the consequences if the event were to occur will allow the organisation to identify those events that would have the greatest impact on the organisation. In ourexample the range of consequences may include: injury to staff member,loss of productivity; investigation by Work safe and increase in Worker’s Compensation premiums.
The next obvious questions to ask are: what can we do to stop it happening and if it does happen – how do we minimize the consequences? This is the point in the process where the organisation focuses on developing controls to reduce the likelihood that the event would occur and/or controls to reduce the impacts if the event does happen.
So what controls would you implement for the example above?
So there you have it – risk management made simple.