The risk management program is the core of effective risk management. But what are the elements of such a program? Commitment, process, information, and management.
Risk management is about managing uncertainties – managing threats and opportunities. More specifically, a risk management program is a commitment to a process of gathering credible information about the threats and opportunities faced by an organization in order to manage those risks.
Let’s take that apart.
Risk management involves a commitment from leadership. It is not sporadic. It is not does not merely percolate up from below as a result of hiring solid employees and training them effectively. Risk management involves a commitment by senior leadership to use identify and risk in decision-making.
Risk management involves a process. It is not a static activity. It is not something that can be done once and never revisited again. It is instead a dynamic series of actions or steps involving the adoption of systems, controls, policies, and procedures over time, then periodically evaluating those steps to achieve better results.
Risk management involves information. Individually human beings are not very good at gathering or evaluating information. However, by soliciting multiple viewpoints, considering additional sources, and systematizing the way we evaluate, human beings can accomplish tremendous feats of analysis.
Finally, risk management involves management. This element emphasizes the ongoing, cyclical nature of an effective risk management process. We commit to the process. We identify threats and opportunities. We avoid those activities that would pose unmanageable or un survivable threats. We develop, through pilot programs, those opportunities that fit within our strategic and operational objectives. We reduce, through mitigation, the threats that are posed by our strategic and operational activities. We shift risks that can be shared with others. And then, dynamically, we learn from all of those activities through an ongoing cycle of continuous process improvement.
In other words, risk is uncertainty. By using a risk management program, we commit to reducing uncertainty. By doing so, over time, we make meaningful, significant change.
Please share this post if you found it useful. We are out to change how organizations think about risk management, and we need your help.