Step 7: Perform Risk Management and Contingency Plannin
Why analyze and manage risk?
- It exists whether we recognize it or not.
- We are better to identify risks consciously and determine how best to accept and/or manage them.
- That way, we can decide how much risk we wish to take on and the nature of these risks.
- We should only take on risks willingly in exchange for potential rewards: risk ≈ reward.
What is risk?
- Risk is the potential for loss due to uncertainty. All risks are quantifiable as the product of probability of occurrence and potential harmful consequences (R=PxC). There are generic risks, such as natural or manmade disasters, and there are inherent risks, which are specific to each course of action. Both types must be identified, evaluated, and actively managed.
- There are two focal points of risk management: prevention and mitigation.
Prevention seeks to reduce the probability of harmful events before they occur. Accepting risks without concomitant rewards is reckless and irresponsible. Such risks can actually be considered as hazards and should be eliminated through careful planning.
- The second focus of risk management is mitigation, which comes into play if prevention fails and a harmful event actually occurs. Mitigation entails responding in a timely and effective manner to the event so as to minimize its evolution and impact, taking action to contain its harmful side-effects, and implementing recovery and continuity measures.
- One part of risk mitigation involves contingency planning, so as to deal with harmful events and threats. However, contingency planning can also be used to prepare for exploitation of opportunities arising from chance or the effectiveness of our own plans and actions. In sum, contingency planning is about readiness for both positive and negative outcomes.
Recap of Business Readiness Process
- Ensure vigilance through situational awareness.
- Do preliminary assessment of tasks and time.
- Activate organization or team.
- Conduct reconnaissance.
- Do detailed situational estimate.
- Conduct wargame and decide on optimal course(s) of action.
- Perform risk management and contingency planning.
- Communicate plan and issue direction.
- Build organizational robustness.
- Ensure operational continuity.
- Lead and control execution.
- Assess performance.