Any successful organization is able to identify, evaluate, and manage any operational risk that may arise. These risks can range from a failed business process to an external event. In a post at the Project Risk Coach, Harry Hall elaborates on how to develop a plan to manage operational risk.
Handling the Biggest Risks
There are four types of risks organizations need to be aware of:
- Process risk
- People risk
- System risk
- External event risk
A process risk involves “the processes organizations use to deliver products and services.” Operational processes are the backbone of the organization that help sustain its livelihood. Any processes developed should be created with best practices in mind so that efficiency and economy are ensured.
Since the organization is comprised of a plethora of people, there is always the threat of people risk. These types of risks include: employee theft, errors, death, resignations, or poor employee performance. This type of risk can be managed with a better hiring process, increased training, and proactive succession planning.
System risk is everything encompassing equipment and software. Technology is vulnerable to cyber-attacks, which lead to data breaches. Do not allow for customers’ information to be stolen and ultimately harm the company’s reputation.
The final type of risk is external event. It is nearly impossible to accurately predict all of the outside forces that may be working against you. Whether it be a tornado or a problem with a vendor, these outside risks can cause a huge threat.
Risk management plans can be created at different levels within the business. The final plan should be one that adds value and is not a mere checklist. It may additionally be helpful to delegate a person with risk management experience the task of creating the plan. The actual plan itself should include things such as the risk environment, methodology, roles and responsibilities, timing, categories, measure, definitions, and reporting formats.
It is rather important to link operations managers’ mindset about projects with that of the project managers’ mindset. Operations managers view operations as never-ending while project managers have a view that is slightly more temporary. One easy way to link the two is to develop a project that will create an operational response for data breaches.
You can read the original post here: http://projectriskcoach.com/2016/01/20/how-to-develop-an-operational-risk-management-plan/