Risk management is the process of identifying, assessing, controlling and prioritizing threats. Every business and organization faces the risk of unexpected, harmful events that can cost the company money or cause it to permanently close.
Risk can come from various sources:
- Financial uncertainty
- Legal liabilities
- Strategic management errors
- Accidents
- Natural disasters
Among the many types of risk, IT security threats and data-related risks have now become a top priority.
Risk management allows organizations to attempt to prepare for the unexpected by minimizing risks and extra costs before they happen.
Process:
For the most part, the process involves the following elements, performed more or less in this order.
- Identify the threats
- Assess the vulnerability of critical assets to specific threats
- Determine the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)
- Identify ways to reduce those risks
- Prioritize risk reduction measures
Identification: Risks are about events that, when triggered, cause problems or benefits. Hence, risk identification can start with the source of our problems or with the consequences of the problem.
Assessment and Determining: Once risks have been identified, they must be assessed for their potential severity of impact and their probability of occurrence.
Example of risk assessment: A NASA model showing areas at high risk from impact for the International Space Station
The following images give an idea of how to organize the risk management plan and document the risks:
Potential Risk Treatments:
- Avoidance: to refuse to act on.
- Reduction: to optimize the severity of loss.
- Sharing: to transfer the burden, for example through insurance.
- Retention: to accept the loss.
A sample of a complete risk tracking template. A time-frame can also be a useful part of this template.
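The assessment and prioritization steps above, together with the four treatments and a time-frame column, expressed as a small risk register. This is an added example, not part of the original post; the 1-5 rating scales, the probability x impact score and the sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass

TREATMENTS = ("avoidance", "reduction", "sharing", "retention")  # the post's four options

@dataclass
class Risk:
    threat: str
    asset: str
    probability: int      # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int           # 1 (negligible) .. 5 (severe), assumed scale
    treatment: str
    after: tuple = ()     # (probability, impact) expected once the treatment is in place
    review_by: str = ""   # time-frame column of the template

    def __post_init__(self):
        if self.treatment not in TREATMENTS:
            raise ValueError(f"unknown treatment: {self.treatment}")
        for v in (self.probability, self.impact, *self.after):
            if not 1 <= v <= 5:
                raise ValueError(f"rating out of range: {v}")

    @property
    def score(self):
        # Assumed scoring rule: probability x impact.
        return self.probability * self.impact

    @property
    def residual(self):
        if self.treatment == "avoidance":
            return 0                  # activity dropped, so the risk no longer applies
        if self.treatment == "retention" or not self.after:
            return self.score         # loss accepted as-is
        p, i = self.after
        return p * i

def prioritize(register):
    """Highest inherent score first; ties go to the higher impact."""
    return sorted(register, key=lambda r: (r.score, r.impact), reverse=True)

def by_reduction(register):
    """Rank entries by how much score their treatment removes."""
    return sorted(register, key=lambda r: r.score - r.residual, reverse=True)

# Constructed sample register (not from the post).
REGISTER = [
    Risk("Ransomware on file server", "Customer data", 3, 5, "reduction", (2, 3), "2021-05-01"),
    Risk("Key developer leaves", "Project schedule", 2, 3, "retention"),
    Risk("Data-centre flood", "Production hosting", 1, 5, "sharing", (1, 2), "2021-06-15"),
    Risk("Unlicensed library in build", "Legal standing", 4, 4, "avoidance", (), "2021-04-20"),
]
```

`prioritize(REGISTER)` orders the entries for review, while `by_reduction(REGISTER)` shows which treatments remove the most risk and so deserve attention first.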
The following is an interesting TEDx talk on risk management. In it, Chris Davenport talks all about risks and also explains the positive side of risk. Do watch it if you have time. 🙂 https://www.youtube.com/watch?v=zyet9fPS24k
11 Comments
Trisha Badlu · April 6, 2021 at 2:06 am
Great post Manogna! The example really helps to understand what kinds of risks can be identified as well as how their probability can be determined. There can be a bunch of different risks associated with all kinds of projects, so this makes me wonder what kind of process is used to identify risks. I’d imagine that there are potential risks that would come up after the initial risk assessment process. So how are those potential risks handled, are they ignored or is risk assessment a continuous process throughout the project lifecycle where risks are being re-prioritized as new ones are being identified?
Manogna Pillutla · April 6, 2021 at 12:22 pm
Hey Trisha, good point! I have definitely read through some articles which say that risk management is a continuous process. But I am not sure at this point how risks are identified in the first place in the practical world.
Autumn Coulton · April 6, 2021 at 5:04 am
Good post, the NASA model example is a very interesting visual. Including the link to the wiki page was a nice touch! The potential risk treatment also shows that if you don’t plan ahead for a risk, there isn’t much you can do if it’s already too late.
Henok Araya · April 6, 2021 at 11:43 am
Quality post! It's very important to assess all the possible risks in an organization/business and have a well-defined structure on how to tackle them in times where it's necessary.
Vivian Azar · April 6, 2021 at 3:11 pm
Those were some cool images to show for documenting risks, especially the NASA one. I only have experience with making a risk tracking template for a security class, where I did a threat assessment for all the network assets and determined what the associated risk level was along with the impact/control methods. It definitely took me quite a bit of time to think about the different types of threats and how I should go about handling them.
Brandon Kresge · April 6, 2021 at 3:55 pm
Great post! All the pictures are really helpful, especially the NASA one. The Ted Talk is also a really good idea. I find it interesting how risks are a bad thing, but can be turned into something good, depending on how the team goes about it. Putting so much time and effort into risk management also shows how much the team cares about the project.
Sean Kinneer · April 6, 2021 at 4:34 pm
Good post, Manogna! You really provided a lot of key information. Risk management is definitely one of the most important things to monitor during the process of any project. I like how you showed where potential risks can originate from and what can be done in order to correct these as well. The NASA example helps provide a good visual of high vs low risk areas.
Chris Kelly · April 6, 2021 at 4:36 pm
Very good post, the pictures do a good job of explaining risk management. An organization needs to identify any risks and also the threat level.
Connor Ellis · April 6, 2021 at 4:56 pm
Great job Mano. Loved the ISS graphic. Reminds me of the survivor bias example. https://en.wikipedia.org/wiki/Survivorship_bias
Griffin Nye · April 6, 2021 at 5:34 pm
Great post, Manu! You did an excellent job of organizing the information from this chapter. Risk management is always extremely important for a project. Without it, the slightest problem that arises can be the downfall of the project.
Savannah Swartzel · April 7, 2021 at 9:27 am
Great post, I really liked that you have the risk treatments in your post. Your template is a great example of how to organize the risks that someone has to deal with.