Wednesday, April 18, 2012

Risk Analysis

Evaluating and Managing Risks

Almost all of the things that we do at work involve risk of some kind, but it can sometimes be challenging to identify risk, let alone to prepare for it.

Risk Analysis helps you understand risk, so that you can manage it, and minimize disruption to your plans. Risk Analysis also helps you control risk in a cost-effective way.

In this article, we'll look at how you can identify and manage risk effectively.

What is Risk Analysis?

Risk Analysis helps you identify and manage potential problems that could undermine key business initiatives or projects.

Risk is made up of two things: the probability of something going wrong, and the negative consequences that will happen if it does.

You carry out a Risk Analysis by first identifying the possible threats that you face, and by then estimating the likelihood that these threats will materialize.

Risk Analysis can be quite involved, and it's useful in a variety of situations. To do an in-depth analysis, you'll need to draw on detailed information such as project plans, financial data, security protocols, marketing forecasts, or other relevant information.

When to Use Risk Analysis

Risk analysis is useful in many situations, for example, when you're:

  • Planning projects, to help you anticipate and neutralize possible problems.
  • Deciding whether or not to move forward with a project.
  • Improving safety and managing potential risks in the workplace.
  • Preparing for events such as equipment or technology failure, theft, staff sickness, or natural disasters.
  • Planning for changes in your environment, such as new competitors coming into the market, or changes to government policy.

How to Use Risk Analysis

To carry out a risk analysis, follow these steps:

1. Identify Threats

The first step in Risk Analysis is to identify the existing and possible threats that you might face. These can come from many different sources. For instance:

  • Human - from illness, death, injury, or other loss of a key individual.
  • Operational - from disruption to supplies and operations, loss of access to essential assets, or failures in distribution.
  • Reputational - from loss of customer or employee confidence, or damage to market reputation.
  • Procedural - from failures of accountability, internal systems and controls; or from fraud.
  • Project - from going over budget, taking too long on key tasks, or experiencing issues with product or service quality.
  • Financial - from business failure, stock market fluctuations, interest rate changes, or non-availability of funding.
  • Technical - from advances in technology, or from technical failure.
  • Natural - from weather, natural disasters, or disease.
  • Political - from changes in tax, public opinion, government policy, or foreign influence.
  • Structural - from dangerous chemicals, poor lighting, falling boxes, or any situation where staff, products, or technology can be harmed.

It's easy to overlook important threats, so make sure that you do as thorough an analysis as you can. You can use a number of different approaches to do this:

  • Run through a list such as the one above to see if any of these threats are relevant.
  • Think about the systems, processes, or structures that you use, and analyze risks to any part of these. Then, see if you can spot any vulnerabilities within them.
  • Ask others who might have different perspectives. If you're leading a team, ask for input from your people, and consult other people in your organization or those who have run similar projects.

Tools such as SWOT Analysis and PEST Analysis can also help you uncover threats, while Scenario Analysis helps you explore threats that you might encounter in the "different futures" that your organization might face.

2. Estimate Risk

Once you've identified the threats you're facing, you need to work out both the likelihood of these threats being realized, and their possible impact.

One way of doing this is to make your best estimate of the probability of the event occurring, and then multiply this by the amount it will cost you to set things right if it happens. This gives you a value for the risk:

Risk Value = Probability of Event x Cost of Event

As a simple example, let's say that you've identified a risk that your rent may increase substantially.

You think that there's an 80 percent chance of this happening within the next year, because your landlord has recently increased rents for other businesses. If this happens, it will cost your business an extra $500,000 over the next year.

So the risk value of the rent increase is:

0.80 (Probability of Event) x $500,000 (Cost of Event) = $400,000 (Risk Value)

You can also use a Risk Impact/Probability Chart to assess risk. By using these charts, you can quickly identify which risks you need to focus on.

Don't rush this step. Gather as much information as you can so that you can estimate the probability of an event occurring, and its costs, as accurately as possible. Probabilities are particularly hard to assess: where you can, base these on past data.
3. Manage Risk

Once you've identified the value of the risks you face, you can start to look at ways of managing them.

When you do this, it's important to choose cost-effective approaches - in many cases, there's no point in spending more to eliminate a risk than the cost of the event if it occurs. So, it may be better to accept the risk than it is to use excessive resources to eliminate it. Be sensible in how you apply this, though, especially if this involves ethical decisions or affects people's safety.

You can manage risks by:

  • Using existing assets - this may involve reusing or redeploying existing equipment, improving existing methods and systems, changing people's responsibilities, improving accountability and internal controls, and so on.
  • You can also manage risks by adding or changing things. For instance, you could do this by choosing different materials, by improving safety procedures or safety gear, or by adding a layer of security to your organization's IT systems.
  • Developing a contingency plan - this is where you accept a risk, but develop a plan to minimize its effects if it happens.
  • A good contingency plan will allow you to take action immediately, and with the minimum of project control, if you find yourself in a crisis. Contingency plans also form a key part of Business Continuity Planning (BCP) or Business Continuity Management (BCM).
  • Investing in new resources - your Risk Analysis will help you decide whether you need to bring in additional resources to counter the risk. This can include insuring the risk - this is particularly important where the risk is so great that it can threaten your solvency.
  • You might also want to develop a procedural prevention plan. This defines the activities that need to take place every day, week, month, or year to monitor or mitigate the risks you've identified. For example, you may want to arrange a daily backup of computer files, yearly testing of your building's sprinkler system, or a monthly check on your organization's security system.

4. Review

Once you've carried out a Risk Analysis and have managed risks appropriately, conduct regular reviews. This is because the costs and impacts of some risks may change, other risks may become obsolete, and new risks may appear.

These reviews may involve re-doing your Risk Analysis, as well as testing systems and plans appropriately.

Key Points

Risk Analysis is a proven way of identifying and assessing factors that could negatively affect the success of a business or project. It allows you to examine the risks that you or your organization face, and decide whether or not to move forward with a decision.

You do a Risk Analysis by identify threats, and by then estimating the likelihood of those threats being realized.

Once you've worked out the value of the risks you face, you can start looking at ways to manage them effectively. This may include using existing assets, developing a contingency plan, or investing in new resources.

Be thorough with your Risk Analysis, and be sensible with how you apply your findings.

Thanks to Mind Tools / Mind Tools Ltd


No comments: