Let’s face it any venture is faced with risk.  We’ve all heard “No Risk, No Reward” and no one would disagree with Earl Nightingale comment “wherever there is danger, there is opportunity, wherever there is opportunity there is danger, the two are inseparable, they go together”.  These comments support how we have previously defined risk (see what is risk). 

Understanding that all things worth doing contain an element of risk is the first step in developing and implementing a risk management program, heck it’s the first word in RISK management.  In order to manage risk, the various risks need to be identified, and assessed for the probability of the event occurring and the impact the event would have on the business

When developing a risk assessment, an organization should create a list of all the risks that it faces, and drilling down, the reason these risks are listed.  Hopefully the list will be generated by a number of individuals within the organization who have different perspectives of risk.  A customer service manager will have a different view of the risks that he/she face as compared to the CFO of the company, or the VP of Sales.  I believe identifying all risks is important.

As the risk list is being developed, the individual risks will be dropping into several broad categories.  These categories identify not only the major focus of the risks, but also provide a road-map on defining the risk and suggested ways to address them.

Typically all the risks will fall into three categories:

  • Strategic- the risks that are associated with the environment the business operates in including marketplace or industry, regulatory issues, competition, reputation, stakeholders, and technology/obsolescence.
  • Financial – The risks to a companies financial strength including cash flow, profit margins, debt and credit management, interest rate fluctuation, and reserve requirements.
  • Operational – The risks involved in the functional operation of the organization like supply chain, fraud, security, human resources, projects, natural and man made disasters, systems and equipment.

Naturally each of these broad risk categories contain sub categories, and the sub categories break down further into additional sub categories that help to clarify and legitimize the concerns these risks pose.

In the next segment of Risk Management 101 we will look at some of the ways to develop the “Risk List”.