Consequence based risk identification
Well hello and welcome to this blog. What I want to talk about in this blog is consequence based risk identification. I am pretty sure you have never heard of it because it is a methodology that I have recently developed. What do I mean by consequence based risk identification? I have talked to you on other blogs about how we identify risks by asking the question, what can go wrong? Then we look at our risk break down structure and we develop all of that. Consequence based risk identification looks at it from a different perspective. Where we look at the consequence based matrix that we have for the organisation and we ask ourselves what would actually need to occur to see those consequences occur. That is a really good way to identify really high consequence risks within the organisation.
So let’s give you an example. Let’s say that in our compliance matrix within our organisation, we have in there “loss of licence” which would obviously have a significant impact on the organisation. What we can actually do across a workshop is ask what are some of the events that would lead to us losing our accreditation or our licence and once we have listed all of those then we have identified some really high consequence risks. As I have spoken about in previous blogs we then need to have a look at some of the controls around those and make sure that those controls are effective to maintain the likelihood at a lower level.
I will give you another example. It’s really interesting because people always talk about reputational damage. To me, and I know it is somewhat controversial, but reputation is a consequence. So once again, even if we are having a reputation risk workshop at our organisation at a board level or at a senior executive level, the question that we need to ask is what events would occur that would lead to these reputational outcomes that we have in our risk consequence matrix. Once we do that, they are all events. Obviously we can’t think of everything that could go wrong but we can use the excuse of experience of others, or our own experience of things that might have gone wrong in the past and actually capture those as well. Essentially it is just another tool in your tool box to help you identify risk. So look at the question and think of the outcomes that could occur and see what are those consequences and then you have some really meaty risks that you can concentrate on as an organisation. So that’s all I have got for this session, so as always, let’s be careful out there.