
9 Steps to Embracing Risk Analysis in the Enterprise

It is a pretty safe bet that nobody involved in the development of Skynet in the Terminator franchise ever practiced good risk management. Otherwise, there would not be so many time-traveling killer robots all over the place. But the truth is that many challenges facing the world economy today can in part be traced back to a lack of risk management and analysis. Randy Heffernan writes in a blog post about how it has become necessary not just to use risk analysis but to use it across the various departments of an organization to understand what threats face the company as a whole. He provides nine steps to implementing risk analysis, especially the types that make use of quantitative risk management (QRM) and decision-making under uncertainty (DMUU):

  1. Embrace risk management.
  2. Invest budget.
  3. Communicate clearly.
  4. Illustrate with numbers.
  5. Create structure.
  6. Think laterally.
  7. View the complete picture.
  8. Report, review, and learn new tricks.
  9. Supply evidence.

First, the organization must acknowledge how important risk management is, or else there is no hope of proceeding. Beyond that, risk management should be seen as an investment or an insurance policy rather than overhead, since it is money spent now to prevent scenarios that could cost exponentially more later. As new risk processes are put into place, it is important to develop a clear language that uses numbers to convey the seriousness of risks. You should also use numbers to illustrate:

Qualitative assessment is essential, but numbers are more powerful. For example, talking about the percentage chance of meeting a deadline or budget is much clearer than discussing how it ‘probably’ will or won’t happen. This is critical for avoiding miscommunication regarding assumptions. Monte Carlo simulation provides the actual probabilities of various scenarios occurring, and is a good way to illustrate the consequences of different courses of action.

And just as language must be clear, so too must the roles of the individuals and groups involved, so that responsibilities are properly distributed. This means creating the right organizational structure. Risk analysis means being ready for external problems as well as internal ones, so developing methods to think laterally about factors outside the business that could affect revenue will also play a part in keeping the organization’s head above water. You have to be able to take into account every type of variable that plays into the business if you want to minimize the failure rate of products and services, and that includes political and cultural factors. As always, you need to be able to review and revise methodology as necessary to address elements that are and are not working. Finally, you should supply evidence that the programs you use work, in order to validate the cost spent on their implementation.

If we are to prevent a post-apocalyptic world where cyborg skeletons with Austrian accents decimate the human race for the heck of it, risk management is going to have to take center stage sooner or later. Take the proper steps to ensure that your best contingency plan is not just some guy named John Connor.
