|Product dimensions:||6.00(w) x 9.00(h) x 0.16(d)|
Read an Excerpt
If ..., Then ...
The Power of Risk Management for Busy People with Other Things to Do
By Tom O'Connor
AuthorHouseCopyright © 2014 Tom O'Connor
All rights reserved.
What Is Risk Management?
Risk without Risk Management—A Small Biz Case Study
blog.sms-ga.com, November 2013
A friend and colleague owns businesses in three locations within the United States. I do not know the exact size of each, but I'll guess they are in the small to midsized category. He is a capable manager and probably assumes he can handle whatever comes up.
Now let us refer to these three locations as A, B, and C. He and his family reside near one of them. He divides his time between the three locations on a regular basis. And his business has recently experienced an unexpected upsurge in business.
Very recently, one of his distant key employees suffered a disabling injury due to an accident and will be unable to work for two to three months. This prompted immediate travel to this other location with the parting words, "I'll be there for two to three months." This seems like a reasonable and necessary response. But it is also where the informal, subconscious approach to risk management falls apart.
Now his planned task list is turned upside down. His other two locations are without his attention and help, his employees may be confused about their authority and priorities in his absence, and his overall business may suffer as a result until he can get everything put back together as a smoothly running organization—in other words, the ingredients for a setback with bottom-line implications.
There is an alternative to such an informal, seat-of-the-pants approach to risk management. It can lead you to preplanned responses instead of quickly conceived reactions born under a sense of urgency. It can help you see beyond the immediate issue and address the implications that ripple through the rest of the organization. It also communicates your planned response and the secondary ramifications of your response to others in the organization—the people who make it run. And all of this can be accomplished in a planning mode, not a crisis mode.
An often overlooked step in the planning process ...
As a person with significant professional responsibilities, you probably worry about things that might go wrong. But worrying is not a productive activity. To turn unproductive worries into productive action, planning is the necessary ingredient to put those worries to productive use.
The act of planning is ubiquitous even though lots of planning never gets recorded on paper or in a computer file. You surely have visions of the future, near and far, and strive to achieve them. The typical planning process starts with the desired objective and then identifies the steps to achieve it.
But these steps don't always unfold the way you want them to. You know that, but you frequently bypass the part of the planning process that could help prevent you from being caught flat-footed and asking the question, "What might go wrong?" This is the starting point for risk management. It is the starting point for you to protect your plans and activate your ability to achieve your goals and objectives on time and within budget.
So if you acknowledge that an extra step in the planning process might save your plans from delays, added expense, and maybe even abandonment, what do you do next?
Well, you can start wondering about how the rest of the professional world employs risk management. And here is where it can get a little confusing if you are not clear in what you may be looking for.
Risk management shows signs of an identity crisis ...
Once you start to look for it, risk management can be found in lots of places. A simple Internet search demonstrates that there is no shortage of opinions, specialized expertise, recommended credentials, and international standards and sophisticated and expensive tools available. But a closer look reveals a critical fact:
The banner of risk management is carried by many different professions with differing meanings.
They are not all referring to the same range of risks or even what to do about them. So the first words to the wise are "One size does not fit all."
Once you comprehend the fact that the risk management banner carried by an insurance agent is not the same as the banner carried by a compliance officer in a bank or the COO of a manufacturing company, you can become more specific in your research to address your own particular needs.
But the fact remains that if you are looking for guidance in addressing a broad definition of risk management, the search results can still be intimidating. The sirens of international standards, infrastructure, specialists, the needs of governance, and some confusing terminology can easily lead you to the conclusion that the commitment is just too great to venture beyond what you may already be doing. This expense and complexity is not required for getting tangible results from the fundamentals of risk management offered by the Protect-Biz risk management planning process.
This book is about getting started with risk management:
without specialists (long term);
with minimal infrastructure;
without international standards;
using simple terminology; and
at minimal cost and commitment
while on a very short path to achieving self-sufficiency and independence in managing your own risks
The straightforward mantra "Identify, avoid, anticipate, and get back to work" is our beacon. But what is even more basic than the "Identify, avoid, and anticipate" mantra? It is foresight—creating the foresight that allows you to avoid learning the hard way through painful and costly hindsight. This is the essence and goal of risk management.
IF ..., THEN ... is all about moving risks from hindsight into foresight. With foresight, you will have more time to prevent risks from causing setbacks for your business—and if you cannot avoid them, you can anticipate them with preplanned responses. With foresight, your actions and responses are rooted in planning, not urgency and crisis.
The Protect-Biz risk management planning process encourages you to start small and simple. But why not with the long-term help of specialists? If, for example, you seriously considered the possibility that a key supplier would file for bankruptcy, would you know what to do to:
position your business to better handle the possibility?
see it coming?
respond quickly and decisively to minimize the impact?
Of course you would. So you don't need much specialized expertise to get that far.
Less infrastructure rather than more
The need for infrastructure is dependent upon the size of your business. But start small, and only add what you need.
Risk management should remain a means to an end (goal accomplishment) rather than an end in and of itself.
Is there a need to go chasing after competing international standards that are not certifiable? Maybe, but certainly not before you have received any benefits from the basic process.
As for terminology ...
Which do you prefer:
1. Risk is any potential obstacle between you and your goals (Protect-Biz); or
2. Risk is the effect of uncertainty on an objective (ISO 31000)?
You decide—which definition leads you to a direct plan of action or is even repeatable by separate assessments?
Or how about wrestling with the term risk appetite? While it can be useful in making decisions, the implication that you have a control knob that allows you to dial up the amount of risk you are willing to accept does not apply to the myriad of risks just waiting to turn your production schedule upside down.
As for cost ...
The approach described in this book estimates that the people who make direct contribution to your risk management plan commit between five and ten dedicated hours to creating the initial plan and then thirty minutes to an hour each month to reviewing and maintaining it. The size of your business will determine the number of people who need to be involved. As an example, we estimate that a company of two to fifty employees may require one or two people to create and manage the risk management plan.
Using this economical process to create foresight will avoid and minimize the surprises that can negatively impact your business. This represents bottom-line value. Moreover, it can create even more value as described in the next chapter.CHAPTER 2
During World War II, then general Dwight D. Eisenhower said, "When preparing for battle, I have found plans to be useless, but planning to be indispensable." Here are many of the ways risk management planning is indispensable.
As stated earlier, risk management is a means to an end, not an end in and of itself. Thus, it must provide tangible benefits to earn a respected place in the manager's tool kit. Tough-minded managers rightfully expect nothing less. Some of the benefits have been stated already, but some have not. Some may surprise you, for they all help change unplanned reactions conceived in moments of urgency into thoughtfully planned responses.
Foresight instead of hindsight
Experience is the teacher of all things.
An extended view into the future
As a business owner or executive, how valuable would it be if you could look into the future? Chances are that it would be invaluable. You would be able to better anticipate market changes, see risks before they happen, and better adapt to business growth. You could also see opportunities and have more time to take better advantage of them.
The Protect-Biz risk management planning process extends your vision into the future. Defining risk as "any potential obstacle between you and your goals" forces you to look beyond the here and now. Additionally, the required definition of trip wires and the designation of trip wire monitors guide the organization to a high level of vigilance for detecting real problems that may start small and grow gradually. Far from a useless exercise, confronting and answering questions about future possibilities moves valid risks into the light of day and into foresight, where they can be avoided and effectively mitigated.
Cost reduction—avoid time and expense just to get back to where you have been
How many times have you been surprised by an event that cost unplanned time and money? While the direct costs are easy to tabulate after the fact, many of the total costs can be as hidden as the bottom of an iceberg. Lost opportunities, distracted attention, rearranged priorities, and the inevitable need to "rob Peter to pay Paul" when resources need to be reassigned just to get back to where you have been can be very costly. Moreover, you rarely go back to account for all of these costs once the problem is behind you. So it gets recorded as just the cost of doing business.
But many of these costs become unnecessary when potential obstacles are brought into the light of day and stored in foresight. As a ship's captain and an aircraft's pilot benefit from longer-range radar, you can benefit from an extended vision into the future. Those potential obstacles can be identified and avoided or minimized by some advance planning. This is what risk management planning can do for your enterprise.
Built around a strong bias for action, not paralysis by analysis
The art of worrying is a common malady in today's world quite simply because things can go wrong. However, worrying is not productive if the process merely generates a lengthening list of things to worry about. Alternatively, these worries can be written down and confronted with two simple questions: 1) "How can I avoid this?" and 2) "How can I reduce the impact of this?" Now this leads to actions that will save time and money and even illuminate new opportunities. This is transforming worry into positive and productive steps to improve your chances of achieving your goals. This bias for action is embedded within the Protect-Biz risk management planning process.
There are many approaches to risk management available. I challenge you to compare them on this criterion—bias for constructive action. If you are committed to risk management as a means to goal achievement, a strong bias for constructive action is critical. The alternative is a process that can be long on costs but short on constructive results.
Designed for busy people with other things to do
This process facilitates institutionalizing risk management as a part of every decision maker's job.
Risk management cannot and should not be delegated off of the desk of any individual with the responsibility for goal achievement and success. Thus, risk management is a line, not a staff function. Back to the comment about aircraft pilots—they don't delegate a preflight checklist to a staff function that will remain on the ground. There is a reason for that.
But the fact remains that the people with these responsibilities are very busy people. Asking you to add risk management responsibilities to your extensive list of things to do might be problematic. This is why the Protect-Biz risk management planning process was designed with you in mind. This process will cause basic but critical questions to become second nature:
"What might go wrong?"
"What do I/we assume will go right?" (These are risks too.)
"Can we take action to avoid each possibility?"
"How can we recognize them if they start small?"
"Who is in the best position to see this happening?"
"What actions should we take if any of these occur?"
"Who should have the authority to take these actions?"
Are these questions too burdensome? Actually, I suspect you'll agree that they are critical to effective management at any level.
Protect-Biz Plan Format
Even the copyrighted format of the Protect-Biz risk management plan adds value as it facilitates easy use and maintenance. There is no large document that will sit on a shelf and collect dust. The plan is a straightforward document that can easily be reviewed and updated—no boilerplate, no executive summary, and all text is action oriented. It is as simple as that—simple and powerful.
A shortcut to defining policies and procedures
Have you gotten around to documenting how you want the business to operate? This becomes more important as the business grows, with new people performing tasks that are new to them while the attention of more experienced employees is directed to new responsibilities supporting the growth. But at a time when everyone is busy and the company is in transition, a concentrated effort to document policies and procedures often winds up at the bottom of the priority list.
A risk management planning process undertaken for all of these other reasons and benefits will actually produce a plan that reflects deliberate decisions regarding business operations. The risk management plan will define actions for avoiding and minimizing setbacks, and that is not very far from the basic purpose of documented policies and procedures for the operation of the company. In this case, version 1 of the policies and procedures document can be a free by-product of the risk management planning process.
Excerpted from If ..., Then ... by Tom O'Connor. Copyright © 2014 Tom O'Connor. Excerpted by permission of AuthorHouse.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Table of Contents
1. What Is Risk Management?, 1,
2. Benefits, 9,
3. How to Identify, 20,
4. Probability and Impact, 25,
5. How to Avoid, 27,
6. How to Anticipate (Part 1)—Trip Wires and Trip Wire Monitors (Knowing When Action Is Needed), 30,
7. How to Anticipate (Part 2)—Actions to Mitigate and Authority to Mitigate, 35,
8. What Have Your Accomplished Here?, 38,
9. You Can Do This, 40,
10. Epilogue, 42,
Glossary of Terms, 47,
About the Author, 49,
List of Examples Risk, 21,
Actions to Avoid, 27,
Trip Wire and Trip Wire Monitor, 31,
Mitigation Actions, 35,
Authority to Mitigate, 36,