Risk management depends upon a continuous, seven-step process:
1 – IDENTIFY risks faced by the organization – both opportunities (positive risks) and threats (negative risks).
2 – Some risks are avoidable if you simply don’t engage in an activity. AVOID projects and actions that would trigger risks you don’t want to face.
3 – Some risks are opportunities. DEVELOP opportunities that may be of strategic value.
Those three steps identify threats and opportunities, rule out some actions as just too risky, and position new initiatives for testing. But what do we do with those threats we can’t avoid, as well as the potential negatives that may result from new initiatives? That’s addressed in the next three steps:
4 – REDUCE the threats presented by ongoing operations and strategic initiatives by identifying and implementing specific mitigation efforts.
5 – SHIFT threats that cannot be mitigated, using insurance, contracts, joint ventures, etc.
6 – ACCEPT the remaining risks, having taken the reasonable steps outlined above.
Finally, risk management is not a one-and-done activity. Instead, it builds and improves over time:
7 – IMPROVE your risk management over time by making Steps 1 through 6 an ongoing process and regular part of your operations.
If you liked this post, please share it with your connections. We want to build healthy resilient nonprofits and startups. Your share can help.