Friday, September 4, 2015

Demystifying Risk Management

Simply put, Risk management (RM) is the identification, assessment, and prioritization of risks (ISO 31000). The Project Management Institute also defines Risk Management in the Context of a Project and, if you want to explore RM further, there's even a more deep path with a certification called PMI Risk Management Professional. It has became a "soundly term" in the last years in all organizations, but it's around since ever and it's quite simple.

Everybody does risk management in their daily life. Want a simple example?
Do you own a car? Do you have a car insurance? That's a Risk Management technique: Risk Deflection. Risk deflection is a strategy for risk avoidance/mitigation, and it consists of assigning risks to another party in a formal way. This other party will be responsible for handling these risks. In some countries, a car insurance is mandatory, but think of other insurances like a Health insurance.

So, is it that easy? Well, it has more to it. Lots of it. But the basics is quite easy to understand. Here's a "simple framework" for dummies example driven:

Risk A: Having a flat tire
Risk B: Having a tire completely ripped apart

The probability of a tire being totally ripped apart is low, but a flat tire is a more common event. The impact of both events is the same: you're on foot and you won't get to your destination (maybe an important meeting).

Risk Management

So, In the above matrix I'm saying that the impact of both events is 0.20 and the probability of Risk A (flat tire) is 0.5 but the probability of Risk B (tire ripped apart) is only 0.1. Multiply the value in the X-axis by the value in the Y-axis and position the risk. As tou can see, Risk A needs action. What's the solution? Well, a spare tire. That's a Risk Management technique: Risk reduction (or mitigation). With this PlanB, we just reduced the impact of Risk A and Risk B:

Risk Management

So far so good. However, with the evolution of technology and manufacturing techniques, car manufactures have realized that the probability of a totally ripped tire is really low and, as you saw, it's actually in the "acceptable" zone (green). So, car manufactures came up with a different contingency plan from the spare tire: Self Inflating Tires. The idea is that if you have a flat tire, it auto-inflates back to allow you to reach the next service station with no need to exchange tires. New BMW cars come with this technology and no spare tyre (meaning less weight, less inconvenience to the driver, more space in the trunk, fuel economy improvement, etc). This technology, however, does not work if the tire is ripped apart. So, what happened is that the new matrix is now a little different:

Risk Management

As you can see, Risk B is back to it's original position and Risk A is mitigated. Both risks are on the acceptable zone now. This is a very basic "for dummies" example, but you get the point. Of course, Risk management has several other intrinsics to it (including several techniques for managing the risk, like the one mentioned above with insurance, Risk deflection), but the basic idea is quite simple. It does sound nice to have "Risk Management Expert" in your "resumé".