|
Follow the information and the links below to see an example of how this tool can help lead you through an organized risk management process.
Setting the Scope - Take some time to decide and specify what areas of the business are at risk, or the ones that you want to focus on. There are several examples of groupings, such as STEEP (strategic, technological, economic, environmental, political,), or using the general areas of management – Strategic, Human Resources, Financial, production, marketing. The key is to be as clear and concise about the areas that you are concerned about being at risk.
. |
|
.
.
Identifying the risks - This is the step where you identify events that could impact your business (both positively and negatively). The key is to identify observable events or situations that will impact your business. While you may create a long list, think about both the opportunity side as well as the threat side of risk. If your list begins to grow too long consider combining or joining similar risks.
There are also lines that ask for contributing factors. These are statement of facts that support that this risk is worth paying attention to. They can be phrased as simple facts or by using words that express the cause, risk and the effect. Words that help describe cause are is, are, do, has, and has not. Words that indicate the risk side include may, might, and then words that describe the effect are would or could. An example statement that illustrates all aspects is “Crop revenue expectations are high, so the land-lord might raise my rent, and my cash-flow would be reduced.”
. |
|
.
Assess & Plot Risks – This step uses words to determine both the probability (likelihood) of these events occurring and impact that these events have on your business (or your scope). Record these rankings on the Risk Matrix. Remember that probability is plotted on the vertical axis, and the impact is on the horizontal access.
. |
|
|
.
Develop strategies - For risks that are identified as threats to your business, try to develop strategies (action steps) you plan to take to utilize the 4 classic responses to threat based risks; avoid, transfer, mitigate and accept. For risks that are identified as opportunities again identify action plans that you will implement to exploit, share, enhance, or ignore the opportunity.
The goal of these actions steps is to move the probability or impact into a more risk tolerant position. – so for threat based risks – moving them to the bottom left corner of the matrix, and for Opportunities moving them to the top left side of the Opportunities section (top middle of the actual chart).
Also in this step is the assignment of a risk owner. This person could be the person responsible and accountable for implementing the strategy should the risk become eminent. It is important that the entire management team agrees on the role of the risk owner, and that the risk owner understands their obligations.
. |
|
.
Reassess Risks – Examine the risks again and if you implement the strategies has the risk changed in either probability or impact. Replot the risks on the risk matrix. Has the probability and impact been moved to an acceptable level.
. |
|
|
|
|