Access the essential membership for Modern Managers
One of the major reasons that strategies fail to meet their objectives is the mismanagement of risk. Generally, either risks are not properly planned and prepared for, or action is not taken at the right time to lessen the blow. A good risk-management strategy will help ease some of the tension associated with planning for the unknown.
Risk is…
… an uncertain event or set of circumstances, which, should it occur, will have an effect on the achievement of the [strategy’s] objectives. [1]
The Risk Management Process
There are five major steps in the risk management process:
- Identifying risks
- Assessing risks
- Deciding what to do
- Monitoring risks
- Taking action
At the implementation stage of the strategy process, you should already have identified the risks to your strategy and derived the status of each risk – the impact each risk would have on the strategy if it occurred and the probability of the risk happening. From this, you will have assessed the magnitude of each risk.
Where strategy implementation is concerned, risks may arise. For example, if senior management fail to achieve buy-in for the strategy, communication is unsuccessful; if investments don’t produce the required return; if tasks are poorly coordinated; and if the organizational culture is not aligned with the strategy, amongst others.
You can now take the following steps to record and monitor the risks to your strategy:
1. Record The Risks
Record the risks on a strategy risk log.
This gives an overview of all the risks and will help you monitor their assessment.
2. Derive Action Plans
Decide how you would deal with each individual risk if it occurred, and when and under what circumstances the action should be taken. There are generally six courses of action available:
- Accept the risk. It may be decided that although the risk exists, no specific action should be taken against it. Perhaps the risk would only have a small impact if it occurred, or maybe there is no getting around the risk, but this is not reason enough to stop the strategy from going ahead.
- Prevent the risk. This involves taking action to make sure the risk doesn’t happen. However, it must be worth spending the extra time and effort needed, and any action should not negatively impact on the objectives of the strategy.
- Reduce the risk. This involves reducing the potential impact of the risk or the possibility of it occurring. For example, to reduce the risk of faults occurring in a new product, a thorough testing program would be undertaken.
- Mitigate the risk. This involves devising a plan of action that can be undertaken should a risk occur, to minimize the impact.
- Make contingency plans. It is good practice with any strategy to set aside time or resources that can be called upon should a risk occur. This is not only important for identified risks, but also for unforeseen events, for example changes in the law.
- Transfer the risk. Sometimes it is possible to give the risk to another party to deal with, usually for a fee. For example, insurance companies take on the financial risks of others.
3. Monitoring Risks
Senior management should maintain an overview of the risks to the strategy throughout implementation. However, the management of individual risks will usually be delegated to others further down the organization. These people will use a risk management form to record the details of each risk. This should be updated regularly throughout implementation to keep track of reviews, action taken and status.
Those responsible for individual risks should report back to senior management on the risk status at regular intervals.
