Risk Identification

This week we will revisit the conversation about the different components of a risk management plan. As a refresher, in a previous post What’s Risk and Why do I want to Manage it?, I referred to a definition of  Risk Management as “The identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks. An organization may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy (or combination of strategies) in proper management of future events.”  http://www.businessdictionary.com/definition/risk-management.html.  Additionally, we looked at the six basic process components.

1. Identify
2. Analyze
3. Prioritize
4. Control
5. Measure
6. Adjust

After laying the foundation for a good risk management program through the discovery of your risk appetite and tolerance, and by memorializing these in writing. You are now ready to identify the risk that can impact your pursuit of value, or prevent you from achieving your goals.  Here, we’ll focus on two key points. First, what types of risk are you are looking to identify, and second, what are some methods you can use to identify these risks.

Risk identification is a process that can be used at different levels in the organization.  It can be used at a tactical level to determine the viability for the success of a specific project.  Similarly, risk identification can be used at a strategic level when shaping company goals. There is foreseeable risk and unforeseeable risk.  Unforeseeable risk is that which cannot be accurately predicted before it occurs.  On the other hand, foreseeable risk can be more accurately predicted given defined circumstances.  Here we want to discuss that which can be predicted and which you can plan for. We’ll discuss seven areas where foreseeable risk can exist and have a significant impact on your ability to achieve your goals.

1. Economic – Market condition change, such as stock market fluctuations, interest rate changes, or non-availability of funding.  (These can have a positive impact on your business)
2. Human – The human element to any business is a risk.  There could be the lack of skilled labor available, Illness, death, injury, or loss of key individuals, or labor disputes, organized or otherwise.
3. Natural – Weather, natural disasters, or disease interrupting operations either directly or indirectly through vendors and suppliers.
4. Operational – Breakdown in communications, failures of accountability, internal systems, or controls, or from fraud, and disruption to distribution chains.
5. Political – Changes in tax rates, public opinion, government policy, or foreign influence. (These can also have a positive impact on your business)
6. Reputational –A declining reputation as a result of practices or incidents that are perceived as dishonest, disrespectful or incompetent. 
7. Technical – Advances in technology, a lack of required technology, or from technical failure.

While this list discusses seven areas, it is by no means an inclusive list.  The risk facing your business is broad, so we want to begin to provide a framework for the process. 

When I was working for my first real estate development and property management company after retiring from the military, I was a member of a risk management team comprised of internal and external stakeholders.  Annually, we would hold a two-day off-site summit where we would develop our goals for the upcoming year, identify the risk surrounding those goals, and put together an action plan to mitigate the risk and to achieve the goals.  These goals and the action plan were presented to the organization’s senior leadership and something the team was held accountable for.  Every month the team would schedule a call to review the action items and measure our progress.  Identifying the risk that could impact the achievement of our goals was primarily a brainstorming effort and proved to be a successful tool in our case.  While brainstorming is an effective tool, there are several other methods that can be equally if not more effective.  You can also use a combination of different methods.  The key is to select the single or combination of tools that work best for your group.  A few other examples of tools are:

1.        SWOT Analysis - SWOT Analysis is a useful technique for understanding your strengths and weaknesses, and for identifying both the opportunities open to you and the threats you face. If you are not familiar with how to conduct a SWOT analysis, there is a great tutorial following this link at Mindtools.com.
2.        Delphi technique – This is a multi-session data gathering technique where a team of experts is consulted anonymously. A list of questions are sent to experts, their responses are compiled, and results are sent back to the same group for further review until a consensus is reached.  Additional information on how to use the Delphi technique in risk identification can be found at this link on Montools.com.
3.        Failure Mode and Effects Analysis (FMEA) – This is a method I am somewhat familiar with from military days spent identifying and analyzing risk in operations.  By looking at all the things that could possibly go wrong during the planning phase, you can avoid any potential problems that would otherwise take vast effort and expense to correct.
4.     Brainstorming – I find this a great method to be creative, imaginative and engaged in problem-solving or generating ideas.  This method also provides an environment that supports collaboration and participation from the whole group where there is never a “bad idea” during brainstorming. The method brings people’s individual strengths and perspectives into play. Some additional information for brainstorming tips can be found at this link on Mindtools.com.

You have your foundation for a risk management plan with your risk appetite and tolerance statements.  Above we’ve discussed seven areas where you can look to identify risk and four different risk assessment methods you can use either solely or in combination, depending on what works best for your group.  In the next post, we will address the risk that you have identified by learning how to analyze and prioritize your risk.

Until next time, stay safe and be kind to one another.