The Cost of Managing Risks
StumbleUponAs Christmas approaches, and everyone's thoughts turn towards how much they're going to have to spend, Dr David Hillson considers the costs of risk management, and why it's important to cover them.
As the Christmas season approaches, many will be considering the
cost of celebrating the festival. Especially in the West,
Christmas is now characterised (sadly) by commercialisation and
materialism, imposing a significant cost burden particularly on
families. Is it worth it? As we seek to manage risk effectively,
questions of cost also arise since risk management is not free.
There is no zero-cost option for risk management, and the
costs to be paid fall into three categories : one-off, ongoing,
and occasional.
First are the costs of entry, paid once to establish a risk management capability. The primary cost here is for the Three Ts : techniques, tools and training. Any organisation wishing to manage risk has to invest in the necessary infrastructure to support the risk process. Techniques and procedures must be developed and rolled out. Tools to support the process must be bought or developed. And staff must be trained to use the techniques and tools effectively. If the entry cost is not paid, risk management remains merely a good intention, with no capability to deliver.
The second type of costs are for ongoing maintenance, to preserve an effective organisational risk management capability. It is important to keep the risk process fresh and up to date. Without ongoing development of the risk process, there is a danger of losing effectiveness. Risk management is a developing discipline, and new techniques and tools emerge regularly. Even the conceptual basis continues to grow as new ideas become accepted into the mainstream. Effective risk management requires refresher training to maintain and develop staff skills, as well as revitalising the process to incorporate recent developments and new approaches. On average an organisation should aim to refresh its risk process every 2-3 years to stay up to date.
Lastly there are the costs associated with managing risk on projects. Each project faces a unique risk challenge, and managing this incurs costs for assessing risk and for addressing risk.
Of course there is a cost-benefit relationship from investing in risk management. Risk management delivers a wide range of benefits to the organisation and to its projects, clients and staff. Although it is hard to measure the return on investment for risk management, it is certain that no benefits will be realised unless the organisation is prepared to pay these costs. Indeed, not paying the cost to implement risk management exposes an organisation to another unnecessary cost unmanaged risk. This includes threats which turn into problems which could have been avoided, as well as missed opportunities which could have delivered extra benefits.
At Christmas time, most families do not regret the cost when they see the joy on their childrens faces. The answer to the question Is it worth it? is a definite yes. Hopefully the same can be said of risk management if we pay the cost we will reap the benefits.
First are the costs of entry, paid once to establish a risk management capability. The primary cost here is for the Three Ts : techniques, tools and training. Any organisation wishing to manage risk has to invest in the necessary infrastructure to support the risk process. Techniques and procedures must be developed and rolled out. Tools to support the process must be bought or developed. And staff must be trained to use the techniques and tools effectively. If the entry cost is not paid, risk management remains merely a good intention, with no capability to deliver.
The second type of costs are for ongoing maintenance, to preserve an effective organisational risk management capability. It is important to keep the risk process fresh and up to date. Without ongoing development of the risk process, there is a danger of losing effectiveness. Risk management is a developing discipline, and new techniques and tools emerge regularly. Even the conceptual basis continues to grow as new ideas become accepted into the mainstream. Effective risk management requires refresher training to maintain and develop staff skills, as well as revitalising the process to incorporate recent developments and new approaches. On average an organisation should aim to refresh its risk process every 2-3 years to stay up to date.
Lastly there are the costs associated with managing risk on projects. Each project faces a unique risk challenge, and managing this incurs costs for assessing risk and for addressing risk.
- Assessing risk : These are the costs of implementing the risk process on the project, including spending time and resources in risk identification workshops or interviews, performing risk assessments and analyses, attending risk reviews, writing risk reports etc.
- Addressing risk : This covers the cost of executing risk response plans, those actions which were not originally in the project plan, but which are deemed necessary in order to deal appropriately with identified risks. Proactive actions are needed to avoid or reduce threats, and to exploit or enhance opportunities. Contingency and fallback plans must be put in place in case risks occur. These costs would not have been incurred if risks had not been identified, but they are necessary to optimise the chances of achieving project objectives.
Of course there is a cost-benefit relationship from investing in risk management. Risk management delivers a wide range of benefits to the organisation and to its projects, clients and staff. Although it is hard to measure the return on investment for risk management, it is certain that no benefits will be realised unless the organisation is prepared to pay these costs. Indeed, not paying the cost to implement risk management exposes an organisation to another unnecessary cost unmanaged risk. This includes threats which turn into problems which could have been avoided, as well as missed opportunities which could have delivered extra benefits.
At Christmas time, most families do not regret the cost when they see the joy on their childrens faces. The answer to the question Is it worth it? is a definite yes. Hopefully the same can be said of risk management if we pay the cost we will reap the benefits.
About the author:
Dr David Hillson PMP FAPM FIRM MCMI is an international risk management consultant, and Director of Risk Doctor & Partners (www.risk-doctor.com). He is a popular conference speaker and award-winning author on risk. He is recognised internationally as a leading thinker and practitioner in the risk field, and has made several innovative contributions to improving risk management. His recent emphasis has been the inclusion of proactive opportunity management within the risk process, which is the topic of his latest book.
Comments
You must be logged in to comment.