Risk Metalanguage & Risk Responses
StumbleUponIn order to understand a risk fully it is helpful to identify its causes as well as its effects. We can do this by using risk metalanguage to develop risk responses saysd David Hillson...
In order to understand a risk fully it is helpful to identify
its causes as well as its effects. We can do this by using risk
metalanguage to develop risk responses...
By Dr David Hillson
[Register and post your own comments on this article below...]
In order to understand a risk fully it is helpful to identify its causes as well as its effects. Risk metalanguage can help by separating cause-risk-effect in a three-part description, such as “Because of , might occur, which would lead to .” This structured description not only ensures clear definition of the risk, but can also be useful when developing responses.
There are four basic types of risk response:
1. Aggressive responses, either to avoid a threat by making it impossible, or to exploit an opportunity by making it definitely happen
2. Involving a third party to manage the risk, either transferring a threat, or sharing an opportunity
3. Changing the size of a risk, tackling probability and/or impact to reduce a threat or enhance an opportunity
4. Taking residual risks which cannot be managed proactively or cost-effectively, accepting either a threat or an opportunity
Each of these strategies can be linked to the cause-risk-effect structure. For threats (i.e. risks with negative impacts) this means the following:
• Avoidance can be achieved by removing or changing a cause, or by breaking the cause-risk link so that the threat is no longer possible. For example risks arising from lack of expertise might be avoided by outsourcing or partnering. Exchange-rate risk might be removed by using only local currency.
• Transfer tackles the risk itself, by involving others in its management, though it does not change the risk directly. Insurance is the classical example of threat transfer, though contract terms can also be used.
• Reduction targets the probability of a threat by seeking to weaken the cause-risk link, or aims to minimise negative impact by addressing the risk-effect link. For example, knowing that use of a new supplier creates the risk of misunderstood requirements, familiarisation workshops can be held to make this less likely.
• Acceptance focuses on the effect, recognising that some threats are not controllable and might happen. This strategy might simply involve setting aside contingency funds to recover from negative impacts, or could involve developing a specific fallback plan to be implemented if we were unlucky and the threat occurred.
Similar thinking applies to opportunities (i.e. risks with positive impacts):
• Exploit the opportunity by leveraging its cause so that the opportunity is realised. For example a positive decision might be taken to include an optional item in the scope of a project to create additional benefit.
• Sharing an opportunity addresses the risk part of the cause-risk-effect chain, by getting others involved in managing the opportunity, perhaps through a risk-sharing partnership or incentivised contract.
• Enhancing requires either strengthening the cause-risk link to increase the probability that the opportunity will occur, or reinforcing the risk-effect link to maximise its positive impact. If attending a trade show creates the opportunity for new business, action can be taken to maximise visibility and attract contacts.
• Accepting that an opportunity cannot be influenced proactively means that attention is focused on its effect. Contingency funds might be allocated to take advantage of positive impacts, or a specific fallback plan could be developed for use if we were lucky and the opportunity happened.
The value of risk metalanguage in risk identification is already well-known. Now the same technique can provide a framework for development of appropriate responses to both threats and opportunities, ensuring that actions effectively achieve the desired results.
© April 2006, Dr David Hillson, PMP FAPM
About The Author:
Dr David Hillson PMP FAPM writes and consults ON risj management across a range of businesses. To provide feedback on this Briefing Note, or for more details on how to develop effective risk management, contact the Risk Doctor (info@risk-doctor.com), or visit the Risk Doctor website (www.risk-doctor.com).
By Dr David Hillson
[Register and post your own comments on this article below...]
In order to understand a risk fully it is helpful to identify its causes as well as its effects. Risk metalanguage can help by separating cause-risk-effect in a three-part description, such as “Because of , might occur, which would lead to .” This structured description not only ensures clear definition of the risk, but can also be useful when developing responses.
There are four basic types of risk response:
1. Aggressive responses, either to avoid a threat by making it impossible, or to exploit an opportunity by making it definitely happen
2. Involving a third party to manage the risk, either transferring a threat, or sharing an opportunity
3. Changing the size of a risk, tackling probability and/or impact to reduce a threat or enhance an opportunity
4. Taking residual risks which cannot be managed proactively or cost-effectively, accepting either a threat or an opportunity
Each of these strategies can be linked to the cause-risk-effect structure. For threats (i.e. risks with negative impacts) this means the following:
• Avoidance can be achieved by removing or changing a cause, or by breaking the cause-risk link so that the threat is no longer possible. For example risks arising from lack of expertise might be avoided by outsourcing or partnering. Exchange-rate risk might be removed by using only local currency.
• Transfer tackles the risk itself, by involving others in its management, though it does not change the risk directly. Insurance is the classical example of threat transfer, though contract terms can also be used.
• Reduction targets the probability of a threat by seeking to weaken the cause-risk link, or aims to minimise negative impact by addressing the risk-effect link. For example, knowing that use of a new supplier creates the risk of misunderstood requirements, familiarisation workshops can be held to make this less likely.
• Acceptance focuses on the effect, recognising that some threats are not controllable and might happen. This strategy might simply involve setting aside contingency funds to recover from negative impacts, or could involve developing a specific fallback plan to be implemented if we were unlucky and the threat occurred.
Similar thinking applies to opportunities (i.e. risks with positive impacts):
• Exploit the opportunity by leveraging its cause so that the opportunity is realised. For example a positive decision might be taken to include an optional item in the scope of a project to create additional benefit.
• Sharing an opportunity addresses the risk part of the cause-risk-effect chain, by getting others involved in managing the opportunity, perhaps through a risk-sharing partnership or incentivised contract.
• Enhancing requires either strengthening the cause-risk link to increase the probability that the opportunity will occur, or reinforcing the risk-effect link to maximise its positive impact. If attending a trade show creates the opportunity for new business, action can be taken to maximise visibility and attract contacts.
• Accepting that an opportunity cannot be influenced proactively means that attention is focused on its effect. Contingency funds might be allocated to take advantage of positive impacts, or a specific fallback plan could be developed for use if we were lucky and the opportunity happened.
The value of risk metalanguage in risk identification is already well-known. Now the same technique can provide a framework for development of appropriate responses to both threats and opportunities, ensuring that actions effectively achieve the desired results.
© April 2006, Dr David Hillson, PMP FAPM
About The Author:
Dr David Hillson PMP FAPM writes and consults ON risj management across a range of businesses. To provide feedback on this Briefing Note, or for more details on how to develop effective risk management, contact the Risk Doctor (info@risk-doctor.com), or visit the Risk Doctor website (www.risk-doctor.com).
Comments
You must be logged in to comment.