Risk Management – Using a risk breakdown structure
In this session I want to talk about the risk breakdown structure and how we use it to assist us to identify risk within our organisation.
If you are a large organisation, it would be a great challenge for you to walk into a risk workshop and say “right, what are our risks?” We need something to break that down a bit; otherwise it’s like trying to eat an elephant. So we use the sources of risk or a risk breakdown structure.
A risk breakdown structure looks at all of the activities that you need to undertake as an organisation; all of the prerequisites that you need for your organisation; things like you staff, your contracts and so forth. So the process that we use is to identify all of those things. Once we have identified all of those constituent elements, it allows us to then ask two fundamental questions against each of those boxes:
1) What has gone wrong in the past?
2) What could go wrong in the future?
In doing so, we get a comprehensive list of those risk events against each of those elements of a risk breakdown structure. Now it’s very difficult for me to talk about a risk breakdown structure without showing you, so I’ve put some examples on the website as well as some PowerPoint slides to demonstrate how we might use that risk breakdown structure to come up with that comprehensive list of risks for our organisation.
The key is to spend some time on the risk breakdown structure. If you can do that and identify all of those activities, all of those prerequisites, all of those external factors to your organisation and then asked the two questions, “what has gone wrong in the past?” and “what could go wrong in the future?”. Your risk register will be extremely comprehensive and the chances of you missing something are greatly reduced.
So please take advantage of the resources.
Once again, and as always, let’s be careful out there.