Facilitating risk assessment
In the last episode of our discussion on how to facilitate High Quality Risk Assessment, we covered finer points on how to facilitate the session, as well as the minimum necessary steps to assess risk: Likelihood, Consequence, Existing controls, Tolerance. This methodology is presented as a generic model for your consideration.
Risk register - what goes into it?
Let’s move on now to consider carefully the full significance of the risk register.
What have we accomplished so far?
Do we have a one-dimensional risk assessment? No, it is multi-disciplinary. Do we have notes from a wandering discussion? No, we have the result of a disciplined procedure.
In fact, we have semi-quantitative analysis; that is, the numerical ranking of a series of qualitative statements which might otherwise have simply been lumped together indiscriminately.
The qualitative statements (risk statements) are themselves a product of refinement, informed by:
- sound planning process;
- opinion of key persons;
- consistent definition of context and risk;
- contemplation of many sources of risk (risk categories).
Significance: Quality is being infused into the process at each step -- without necessarily spending more time in planning and meetings than was done previously.
The risk ID process, using the closely defined and consistent formulation of risk statements -- always focused on the intended goals and objectives -- results in a document expressing a concentration of careful analysis.
The result: the risk register participants start to perceive the risk profile in a much more nuanced and insightful manner than they were able to do before.
Breakthrough Risk Mitigation
If the risk register is developed as we recommend, how does it lead to formulating mitigation action that is truly “breakthrough” and dramatic?
- expert participants in risk ID and mitigation sessions
- sorting on risk information to shed light on the risk profile
- novel interpretation of risk profile: identify fundamental risks
  - the risk profile that is more than the sum of its parts, thanks to the rigour in the process
  - the insight is then possible into previously unnamed fundamental risks that undermine the business
  - could be a trust issue, or personnel burnout, or something involving attitudes and motivations
  - the sheer rigour in the process leads to addressing the issue and novel solutions
  - the risk register enables evidence-based decisions, where subjective experience can be gathered in a process that has credibility and rigour
- consider values as serious risk criteria to arrive at novel solutions
  - e.g., the mechanics of the operation seem fine, but confident complaints (and harm to the business) are values-related
- creativity and innovation
  - introducing imaginative and unorthodox solutions
  - taking it offline as special project
  - do not short-change this part of the process
How is the risk register used going forward?
- transformed from a static snapshot to a dynamic management tool
1. Facilitating High Quality Risk Assessment signifies not only procedural tips but also reviewing 4 distinct criteria for each risk.
2. The risk register, when complete, consists of highly refined and carefully qualified information, and has validity by virtue of the quality that went into the planning and risk ID processes.
3. The result is that participants are able to gain a much more complete, nuanced and incisive view of the risk profile than they would normally think of.
4. This enables, in turn, dramatic, breakthrough risk mitigation, often consisting of finally recognizing and solving fundamental and chronic business problems that were undermining the organization’s mission and operations.
“Poorly understood chronic problems often have to do with the nebulous and difficult questions of communications and working relationships...” (Robertson, p.58, Section 2.5 Risk Mitigation and Review)
(E. Robertson 2016) Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation
(E. Robertson 2006) Navigating the Labyrinth: Risk Analysis for Tough Issues
This article relates 2 case studies: the consideration of corporate values led to breakthrough mitigation.