Types of Risk
Welcome to this next session.
What I want to talk about in this session is the fundamental parts of risk and risk management and the different types of risk. And you hear it all the time, we’ve got strategic risk, operational risk, security risk, safety risk, project risk, to think that those things are different is probably leading an organisation down a path to separate out those functions.
The thing that you need to understand around risk and risk management is that a risk is a risk, is a risk.
The only thing that differs is the context within which we manage that risk.
So having a section off doing reputation risk and another section off doing operational risk and another section doing strategic risk can actually diminish your risk management efforts because we are not seeing an elastic view across the whole organisation. So it is really important to understand that risk management as I’ve said in a previous session is all about what can go wrong, what would cause it to go wrong, what controls we have in place to deal with it, how effective are they, what the consequences be and what we can do about it.
Of course, the context that we are talking about here is that the risks are going to have different causes. They are going to have different consequences; those consequences are going to be seen at different levels of the organisation. So we need to make sure that each of those levels of the organisation do have a context that is about meeting their objectives.
So what I mean by that is if the organisation as a whole, sees a risk event or an event that occurs as if it’s got greater than a 20 million dollar consequence, well that is seen as having a severe consequence. But if we try and apply that right throughout the organisation than what we are going to find is that a 1 million dollar project down below would not even get into the spectrum of potentially being a minor consequence against that particular category or that particular matrix. So what we need to understand is that the 1 million dollar project, anything greater than 200 thousand might be a severe consequence to them.
So we need to tailor our context throughout the organisation, but we can have the same critical success factors applied right across the organisation. Safety, reputation, political, financial, understanding that it will change from top to bottom, in projects we will have things around schedule, environmental. All of those can be the same right across the organisation; we can use the same critical success factors. Obviously some of them might not apply to different parts, but if you look at an organisation holistically as opposed to trying to silo our risks then you will be much more successful in achieving the outcomes that are sought by your risk management program.
Always remember a risk, is a risk, is a risk. The only thing that differs is the context, and if we remember that, we are going to manage our risk a lot more effectively and we are going to have a greater co-operation between different parts of the organisation and that’s essentially what we are after.
Ok that’s all for this session, I hope you’ve got something out of it and lets be careful out there.