Are Any of These 8 Myths About Risk Management Stopping You Managing Your Business, Successfully?

If you have a negative view of Risk Management, it is probably the result of one or more of a number of wrong beliefs. Some are quite understandable, but they are all wrong! Here are the eight most popular misconceptions and why they are wrong.

Risk Management:

1. is another name for Insurance. The world was full of risks from the start: insurance has been around for only a few hundred years. Not all risks are insurable, but they all need to be managed. It is better to prevent the fire, accident or other loss than to receive an insurance payment after the event.

2. is another name for Health & Safety. There are many kinds of risk: property, financial, reputational, environmental, physical, cyber, and business. Health & Safety deals with only one kind. An essential element in good risk management is the balancing of one risk with another, e.g. the risk of a car crash versus the risk of being robbed on the Underground.

3. is a fancy name for Common Sense. If only sense were so common! It is true that good managers have often managed risks successfully without using that term, but there is a danger of overlooking something potentially serious but not obvious. You also need to write down your informal assessment of risk for the benefit of others who may not have your “common” sense.

4. is bureaucratic and time-consuming. Only if you want it to be. Some people make every process bureaucratic and every task time-consuming. If you do everything else efficiently, you can do Risk Management efficiently. Keep it simple.

5. is too expensive. It depends on the risk and the way you decide to manage it. If you cannot find a satisfactory way of controlling a serious risk cheaply, you may have to go for an expensive solution. Compare that with what an accident etc. would cost. Take a balanced view of the options. Often, however, better Risk Management improves efficiency, effectiveness and profitability.

6. is someone else’s responsibility. It can be a good thing to take advice from someone inside or outside your organisation, to bring in an objective view, but the responsibility for managing risk must belong with the responsibility for managing the activity. So whatever is your level of seniority you should be responsible for those risks which you control. Most businesses have Finance Managers but all managers must be responsible for managing the costs of their departments.

7. is something you do to comply with someone else’s requirements. This is the saddest comment I have heard on this subject. Of course we all have to do whatever is needed to please senior management, auditors, funding bodies, or investors, but if that is your focus, you will be missing the opportunity to improve your performance and protect your business, yourself, and others from the risks we all live with.

8. is an attempt at making a risk-free world. Apart from being utterly unattainable, such a world would not be desirable. Risk Management is about balancing one risk with another and deciding which risks are acceptable and to what extent. In your business, only you can decide those things.

So forget the myths and think about the risks which could affect your business. Then think about ways to manage them – sensibly, realistically and profitably.

Posted in Uncategorized | Tagged , , , , , , | Comments Off

Coping With Multiple Uncertainty Factors Through Risk Management

In the past decade, the need to improve organizations’ capability of coping with the changing environment and multiple uncertainty factors has risen significantly. Managers from different market sectors are implementing various methods and processes in order to handle uncertain events with an emphasis on managing their negative impact on organizations and projects managed within them.

The reasons for this are many. Technology and work methods are becoming more complex, while the business landscape is characterized by competitive play rules and regulatory norms, such as the Sarbanes- Oxley (SOX) Act and Bazel regulations, and international models, such as CMMI®. Recent research has demonstrated that those organizations that are implementing effective risk management processes are significantly increasing their chance to reach the goals set before them by reducing operational costs.

While attempting to meet the challenge, a project manager is confronted with
a myriad of tools and methodologies hosted under the same roof of “Risk Management” promising streamlined solutions to managing operational uncertainty within an organization. It is not surprising that Googling for “risk management software” yields not less than 135 million results.

In the course of many years, national and international risk management regulations aimed at streamlining risk management methodologies have been circulated in several countries, Australia, the UK, Canada, the US, and Japan among them. In addition to that, many international institutions, such as the Project Management Institute, the Institute of Electrical and Electronic Engineers, the International Electro Technical Commission and the Federation of European Risk Management have done the same.

The Israel Standard for Risk Management

The Israel Standards Institute established a Technical Committee for Risk Management aiming to assess the ways this issue is regulated in the country. The committee set two tasks before itself:

o Formulating the Israel risk management standard customized to the public needs and culture
o Knowledge flow related to risk management and emphasizing assistance to institutions operating on the international market

After two years of extended research activities it was decided to base the new Israel risk management standard on the existing one of the Standards Institute of Australia and New Zealand – AS/NZS 4360:2004. This standard has been updated several times reflecting very well the leading methodologies in this field. The new standard is not intended for certification purposes. It has an instructive purpose for different organizations that target establishing operational risk management processes on the basis of best practices worldwide.

The standard is compatible with a wide range of international standards and its process related concept is similar to the one found in the quality group of standards. The standard contains relatively general instructions; therefore, organizations adopting it can customize tools and methods to its needs implementing the proposed process across its different phases. The standard is accompanied by an instruction guide that details the tools that can be used for implementing the process the way it is set forth in the standard.

The New Israel Standard – Major Characteristics and Updates

Risk Management Concept

The standard defines risk management within an organization as an iterative process aimed at reaching an appropriate balance between profit opportunity utilization and reduced losses on the one hand, and improving decision making and organizational performance on the other.

The standard positions risk management as an integral part of organizational management and culture relating it both to setting up streamlined work processes and customized tools that will enable the organization to manage them. In management circles, it has been customary to regard risk management as dealing with the negative implications of business events and preventing it. However, the risk management standard rules that exposure to risks may have a positive outcome for an organization based on the definition of risk as an exposure to uncertainty results, or a deviation from the planned or the anticipated.

Risk Management Process

The process described in the new standard is presented in Figure 1 below. As it was mentioned above, it fits the internationally acceptable standards and processes to operational risk management and to the risk management definition of the PMI®. The process comprises several iterative phases that have to be assimilated into the procedures and culture of an organization for achieving continuous improvement and the best management practice.

Risk Management Process – Main Components

Establishing Context

The analysis of the internal and external contexts of the risk management process that form the process landscape setting up measurements and criteria required for risk measurement and analysis.

Risk Identification

Identifying the risks the organization/project/process are exposed to, including their characteristics- period of occurrence, possible reasons for occurrence, ways of expression and impact on organizational activities, including their impact on preventing the realization of organizational goals, or, on the contrary, their contribution to it.

Risk Analysis

Evaluating the relative significance of identified risks, the probability of their occurrence and implications. This analysis will be performed versus the probability of risk occurrence results.

Risk Ranking and Evaluation

A comparative risk level assessment calculated against the measurements periodically defined, or a calculated comparison of possible gains versus losses, thus, enabling one to make management decisions tailored to the required risk handling scope.

Risks Treatment

Establishing and implementing action plans assessed in terms of costs benefits aimed at increasing the possible benefits and reducing the possible costs.

Monitoring & Reviewing

The monitoring of risk management phases is aimed at achieving the state of continuous improvement. Moreover, there is a commitment to monitoring the risks themselves and effectiveness of the actions taken to handle them. The monitoring process enables an organization to use relevant action methods versus the changing circumstances.

Communication and Consulting

Consulting with different stakeholders within the organization in relation to the relevant information derived from the risk management process, across all of its phases.

Summary – Added Value to the Organization Working According to the New Standard

Implementing the risk management standard as part of organizational procedures and tailoring it to the specific needs of the organization will yield improved functioning, better organizational culture and more effective resource allocation. Organizations will be better geared to identify threats and utilize the untapped positive potential of uncertainty. PME TEFEN is well-familiar with many market sectors and business landscapes. The company consultants (many are PMP®-certified) have accumulated extensive experience in implementing risk management in leading companies. Our professionals are well experienced training instructors that will assist your organization in establishing a risk management training program and workshops, coaching your stakeholders and supporting the process from the plan preparation phase to customized implementation integrating the process itself within the organizational procedures and culture.

Posted in Uncategorized | Tagged , , , , , , , | Comments Off