RISK MANAGEMENT
Risk Management: The Basics or, “If you don’t know where you’re going, any road will get you there.”

Mark Fontaine-Westhart
Quality Manager, Bonneville Power Administration

Much of the recent explosion of articles, books, and publications covering risk management can be traced to two seminal events, the September 11th terrorist attacks and the ENRON debacle. Each in its own way has profoundly affected how we think about risk. September 11th got everyone's attention; ENRON helped focus it.

In response to ENRON (and other corporate scandals), the U.S. Congress passed the Sarbanes-Oxley Act of 2002 in an effort to address gaps in corporate accountability. Sarbanes-Oxley in turn led to the establishment of an Enterprise Risk Management (ERM) standard by the Committee of Sponsoring Organizations of the Treadway Commission (referred to simply as COSO).

The recently developed COSO Enterprise Risk Management (ERM) standard is one of several risk management standards in what is becoming an increasingly crowded arena. Another is the standard developed by the Council of Standards Australia, referred to as AS/NZS 4360. Numerous other risk standards and models have been adopted by various federal agencies, including the Department of Defense, Federal Aviation Administration and General Accounting Office. If you're a business confronting the need to develop and implement a consistent risk management system, the task of evaluating which model or approach to use can be daunting, and costly.

Nearly all risk standards and models share a number of common features.   While some go into excruciating detail in their discussion and treatment of them, fortunately the core features are relatively few.   They include: 

• Establishing the context – also known as an environmental assessment.
• Risk identification – sometimes referred to as event identification.
• Risk assessment – occasionally referred to as analysis (assessment typically involves an appraisal of probability or likelihood and impact or consequences).
• Risk response – also known as treatment (response usually includes consideration of mitigation/reduction, avoidance, sharing or acceptance strategies).
• Risk control – sometimes combined with the next feature, monitoring.
• Risk monitoring – referred to as review in some circles (monitoring generally includes ongoing oversight to ensure that the system functions properly).
• Risk communication – some models combine monitoring and communication.

Before an organization or business moves ahead with a risk management program or system, several key factors should be considered.  

First, the scope of the risk management program should be examined. Will it be an enterprise level program? ERM is more strategic in its focus, with financial risk management and related internal controls as key components. Will the program focus on project level activities? Project risk management typically spotlights events (often external) that can impact project cost, schedule and/or quality. Or, will it focus on process level activities? Process risk management typically looks at internal technical, production, quality or business processes and whether they are capable, stable and improving.

Second, the level of organizational maturity and capability should be understood. Knowing your organization's strengths and weaknesses is critical to successfully formulating, implementing and managing a risk management program. Oftentimes managers fail to appreciate organizational limitations when establishing goals. While knowing where you want to go is essential to getting there, recognizing where you're starting from is just as important.

Third, understanding your organization’s culture is often taken for granted.   Explicitly recognizing the individual, group and organizational perceptions and reactions to risk plays a profound role in planning and managing the organizational change required to adopt a successful risk management system. 

Ultimately, risk management comes down to three fundamental considerations: 

  1. Understanding your personal and organizational risk appetite,
  2. Developing and consistently following a standardized methodology that fits your organization, and
  3. Determining the appropriate types and levels of risk controls.

Keeping these three considerations in the forefront will help ensure a relatively smooth process of implementing a risk management program.

Copyright © 2004 LeanSCM llc.  All rights reserved.  Legal Statement.