One thing I am super familiar with and do on almost a daily basis is “firefighting” at my job. Being able to go with the flow in any given situation and be quick on my feet when situations arise is essential to my success as an individual in my personal and professional life. However, it takes a toll on the ability to focus and increases my anxiety after a while, at least for me it does.
What if we were able to better predict some of these “fires” and identify the risk/s of a situation arising before they escalate to the point of no return?
This is a skill set that is no joke in the professional world, colleges have entire classes dedicated to this topic. I took a project management class during my graduate studies that had a strong emphasis on this, and it opened my eyes to how important this really is and all the resources that are available to preventing the development of risks into major problems. But despite all the language and money invested in this aspect of businesses, risk management is too often treated as a compliance issue that can be solved by drawing up and enforcing a bunch of rules and regulations, some of which are effective and some of which hurt more than help.
So why is it that risks are an important aspect of any size business, but also so hard to talk about? To sum it all up in one thought, studies say it is because people tend to overestimate their ability to influence events/ outcomes that are actually determined more by chance than anything.
According to the Harvard Business Review, one way to eliminate the chances of a major meltdown is to take a strong look at the individual, departmental, and organizational challenges and encourage open, constructive conversations about managing and resolving the risks. In order to do this effectively and create needed changes, everyone has to understand the qualitative distinctions among the categories of risks that organizations face and keep this in mind when establishing approaches and processes to combat arising problems.
Category 1: Preventable Risks– These risks are usually internally sourced and relatively controllable in elimination. HBR says the best way to sort and manage these kinds of risks are, “through active prevention: monitoring operational processes and guiding people’s behaviors and decisions toward desired norms,” (Harvard Business Review, 2012).
Category 2: Strategy Risks– These risks are different from C1 since they cannot be managed through a rules-based control model, and aren’t always undesirable; companies have to take risks in order to grow to a certain extent. “Instead, you need a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain the risk events should they occur,” (Harvard Business Review, 2012)
Category 3: External Risks– These risks stem from decisions/ events outside the control of a company/ individual, such as natural and political disasters and major macroeconomic shifts. “Because companies cannot prevent such events from occurring, their management must focus on identification (they tend to be obvious in hindsight) and mitigation of their impact,” (Harvard Business Review, 2012).
“Risk mitigation is painful, not a natural act for humans to perform,” says Gentry Lee, the Chief Systems Engineer at the U.S. National Aeronautics and Space Administration (JPL Division). In risk management solutions, it is not “one size fits all” because risks are often changing and developing, especially with the constant growth and expansion of technology we are constantly surrounded by. There are many ways companies can mitigate risks like hiring independent experts and facilitators, but these often take a lengthy amount of time, as these external sources have to learn the business of the company they are hired by. Instead, we can take risk management into our own hands and make lives easier for ourselves, each other, and our facilities through a variety of actions:
1.) Make sure you describe the risks appropriately and be clear when explaining all the information. Distinguish between cause and effect to prevent assumptions becoming facts, and fall back on previous experience to support the key points.
2.) Not all risks will automatically result in negative outcomes, so when addressing them to an audience, think and communicate positively about the outcomes by focusing on what good will come out of the given risk. It may steer the conversation and plan of action in a favorable direction.
3.) Use a risk matrix to prioritize risks and determine how severe and likely the risk will become a problem.
4.) If you observe a potential issue or a risk that will turn for the worst, speak up to your leaders and take action to prevent the risk from potentially growing into an issue.
5.) Use the 4 T’s to determine the best way to manage a given risk
- Transferring risk means assigning a person/ group to be responsible for the risk.
- Tolerating risk means no immediate action is needed to mitigate a risk, but still keeping the risk on your radar.
- Treating risk means controlling the risk through actions that will lessen the likelihood of the risk becoming an issue and/ or minimizing the impact it creates.
- Terminating risk means altering the process and policy to completely remove the risk.
Do you have any additional tips on how to strengthen risk management? Feel free to share them in the comments below; sharing is caring!
DANIELLE JEAN BELVOIX 