Organisations are expected to carry out a set of tasks to achieve the goals set by the management. Risk is the uncertainty of the occurrence of an event that is not intended or an outcome that prevents an organisation in achieving its goal. The process of planning, preparing to mitigate Risks is called ‘Risk Management’. Risk management should be led by professionals who understand the business.
Risk Planning:
Risk planning involves identifying, analysing and evaluating risks and developing an action plan to mitigate the risk. We could examine a rock climber who intends to ascent a mountain.
RISK MANAGEMENT
1. Identify :
The first step of Risk planning is to identify the risks. Climbing a mountain could result in risks such as falling from heights, bruises , broken bones, injuries etc.
2. Analyse :
The second step is to analyse the reasons for the occurrence of these events. The rock climber needs to be knowledgeable about climbing, trained and conditioned for the ascent, else they could have a muscle strain or sprain without even climbing much of the mountain. They should have the skill to climb the mountain. Training, conditioning and skill greatly reduces the risk of injury and increases the chances of succeeding to climb the mountain. However the risk of injury and falling are still there. Having a safety gear, Personal Protective Equipment, ropes, tools and tackles needed to climb the mountain.
3. Evaluate
Being prepared for the climb still does not guarantee the occurrence of those risks. There could be a tool that would not work, a rope that broke or a stressful condition where the climber could not do what is required. Risk evaluation is the process of evaluating the outcome in the event of the ‘Risk’, the severity of the outcome and the probability of occurrence. the matrix is generally a 3X3 or a 5X5 matrix with all the variations in between.
The impact is rated as Negligible, Minor, Moderate, High and Catastrophic and the likelihood is rated as Very low, Low, Medium, High and Very high. The scale chosen to rate the risk should reflect the complexity and criticality of project.
LIKELIHOOD & IMPACT, RISK TREATMENT : Avoid, Treat, Share, Transfer, Accept Risk
3. Risk Mitigation Plan :
The Risk Mitigation Plan includes responses to the various kinds of risk identified.
Risk Mitigation is the process of treating risk in order to avoid , reduce, transfer, share or accept risk. Let’s take the example of our rock climbers to dive in detail the risk mitigation strategy. Risk Management teams chooses the kind of treatment based on the Risk treatment cost and the expected payoff.
1. Risk avoidance :
Risk is treated by avoiding it when it is easy to do so or if the impact of risk is so high and there is a possibility to avoid it. To completely avoid the risks associated with rock climbing, the climbers can trek the mountain instead of climbing the rock. However, trekking the mountain involves a new set of risk which may or may not be as catastrophic and likely to occur as the risks of climbing, but still probable to occur.
MOUNTAIN TREKKING
2. Risk Reduction :
Risk Reduction includes, checks, balances, additional actions strategised to reduce the impact or likelihood of Risk or both . Risk Reduction actions are like having car breaks, seat belts, air bags and indicators and sensors.
They don’t prevent accidents. They provide sufficient information to reduce the risk on an accident and reduce the risk of injury in the unfortunate event of an accident. Often these actions have cost impact, could lead to a new risks which were not noticed or evaluated before. For the current example, rock climbers training, conditioning and improving their skill greatly reduces the risk of injury and increases the chances of succeeding to climb the mountain.
Aron Ralston survived a solo descent of Bluejohn Canyon accident by cutting off his own arm
However the risk of injury and falling are still there. Having a safety gear, Personal Protective Equipment, ropes, tools and tackles needed to climb the mountain. The actions to reduce the risk but not completely prevent them. It is important to have an action plan in the event of risk. Often the actions have to be taken impromptu or at the right time. Take the instance of Aron Ralston who was canyoneering alone through Bluejohn Canyon. While he was descending the lower stretches of the slot canyon, a suspended boulder became dislodged while he was climbing down from it. The boulder first smashed his left hand, and then crushed his right hand against the canyon wall. Ralston had not informed anyone of his hiking plans, nor did he have any way to call for help. He spent five days slowly sipping small amount of remaining water and slowly eating his small amount of food, while repeatedly trying to extricate his arm. After waking at dawn the following day he discovered that his arm had begun to decompose due to the lack of circulation, and then amputated his forearm to break free from the boulder. He then descended the rock miraculously surviving to tell the tale. Risk Management involves taking actions like this which are unconventional and cannot be planned. Ralston later said that if he had amputated his arm earlier, he would have bled to death before being found, while if he had not done it he would have been found dead in the slot canyon days later. Ralston’s actions were not planned. He did his best to respond to the situation at hand and it gave him a possibility to survive.
3. Transfer / Sharing :
Risk Transfer / sharing is a Risk mitigation technique to transfer Risk to a Supplier, Service providers or a professional who knows how to handle Risk better. A recreational rock climbertaking the help of professionals choosing to climb in a controlled environment are examples of ‘Risk Sharing’.
For instance if a company is in the business of producing aluminum products, its prudent for them to hedge the commodity to avoid market risks to the price fluctuation of aluminum. Currency and commodity Hedging , Insurance premiums are the various commonly used Risk Transferring mechanisms.
Risk Sharing
4. Risk Acceptance :
Risk is accepted when it has low impact and likelihood of occurrence or its impossible to do so. Take for instance ‘Free climbing’, an adrenaline pumping rock climbing activity that is done by climbers without any harness or safety ropes attached to them.
Risk Sharing
Sure, they reduce the risk by being knowledgeable about the terrain, climbing, training and conditioning themselves for the ascent. But the risk of falling can’t be avoided. Alex Honnold, a professional rock climber Completes the Most Dangerous Free-Solo Ascent Ever by becoming the first person to reach the top of Yosemite’s 3,000-foot El Capitan wall without ropes. Though the Risk has catastrophic impact and the probability of occurrence was quite high Alex had to train and condition himself and accept the risk to achieve the goal.
Conclusions :
The Risk Management Team should consist of key stake holders to take necessary actions and constantly review and monitor the risks during the execution of the project. A Risk register is used and maintained by the Risk Management Team which is constantly updated from time to time as the project progresses. Often things go wrong or not go as planned. The experience and competence of the team is put to test in such situations.
