Business decisions often come with risks to your assets, profits, reputation and other aspects. Risk management allows you to proactively protect the things that are at stake. While identifying, assessing and prioritizing risks are the first steps, perhaps the most challenging part comes next—figuring out what risk management options are best for your situation.
But first, says executive and leadership coach Greg Githens, you have to stop thinking about risk in a negative light.
Githens, who's the author of How to Think Strategically, has managed risk for new product development and has extensively facilitated risk analysis associated with Y2K. He says that business leaders need to think of risk as a neutral term that means both a threat and an opportunity.
“It's helpful for business people to understand that embedded inside risk is opportunity, because people like to chase opportunity," he says. “Risk helps us understand the importance of good-quality decisions, because we all live in a world full of uncertainties."
Make Risk Everyone's Business
Githens notes that risk management alternatives include, in the recommended order:
- Avoidance—a cautious approach that tries to avoid exposure to the risk
- Mitigation—lowering the probability as well as the impact of the risk through various measures
- Transference—transferring the risk to someone else; for example, buying insurance or a warranty
- Active acceptance—creating a contingency plan for when the risk occurs
- Passive acceptance—accepting the risk without doing anything about it
“There are hundreds if not thousands of risk events that can affect you and it can feel really overwhelming," he says. “Start off with paying attention to what's going on in your external environment, and encourage others in your organization to do the same."
He believes it's a mistake to delegate risk to one individual or a team. It's too easy for others to start saying, “That's someone else's job." Leaders should encourage everyone in the organization to pay attention to internal and external risks, and communicate concerns.
“It's everybody's job to be paying attention and make the best decisions they can, knowing that risk is all around us," Githens says.
Identify All Your Risks and Be Proactive
Financial risks are often top of mind but it's important to manage risks that are outside of financial transactions. James Kaiser, support services manager at on-demand massage service Soothe, says for his company, that meant creating a Trust and Safety Team, which handles escalations, such as claims related to property damage, theft and unprofessionalism.
“All team members are certified and trained to thoroughly assess and resolve any situation which can potentially lead to legal action," he says.
Soothe delivers home-based massage services to more than 70 markets in four countries. The company's biggest risks include fraud and safety of its licensed massage therapists. To help mitigate fraud, Soothe uses a self-learning fraud prevention platform, which allows the company to auto-suspend accounts that have high fraud suspicion or incomplete identity.
Risk helps us understand the importance of good-quality decisions, because we all live in a world full of uncertainties.
—Greg Githens, executive and leadership coach
Kaiser recommends being proactive and exploring new solutions and avenues for assessing and managing risk, but says you also need to “be wary of trendy software and make sure the solutions you put into place are tried and tested."
“Stay educated, ask around, attend conventions, go to seminars and webinars—a lot of them are free—ask what other companies with similar business models are doing to manage and mitigate their risk," he advises. “Then, revisit your risk management methods regularly and ask, 'How can we make this better?' or, 'What's slipping through the cracks and why?'"
Invest Resources Into the Right Problem
Risk management requires an investment but often times, organizations invest in the wrong things. For example, Githens says that if you are using an active acceptance strategy—which means you have a contingency plan—be prepared to budget for it.
“A contingency plan is a conscious decision to take some of your scarce organizational resources and spend money to respond a certain way," he says.
Organizations that focus on tangible things like physical assets and financial impact may overlook the human-driven risk. Yet some of the biggest risks in organizations come from people, says Joshua Crumbaugh, CEO at PeopleSec, a people-centric cybersecurity company.
Crumbaugh, an internationally recognized ethical hacker and cybersecurity awareness expert, says there's no boiler-plate approach that works for every organization. But as cybersecurity risks become a growing concern, he says most organizations mistakenly think their biggest risks come from technology, while it's people they should worry about.
“Cybersecurity is [...] a human, not technical problem, and I think it's one of the most fundamentally misunderstood things in cybersecurity," he says.
It's a mistake, he says, to invest “5% of your budget into 90% of your problem, or 90% of your budget into 5% of your problem."
A cybersecurity awareness program helps mitigate the human risk by teaching employees about threats like phishing or insecure public Wi-Fi. But don't overlook training of the executive leadership and board of directors, Crumbaugh says.
“One of the problems is that leaders are not leading when it comes to cybersecurity, and they take a backseat because it's too technical," he says. “But it has to come from the top down. If the most senior levels of management don't care, it's going to trickle down to the lower-level employees."
Githens agrees that it's important to create a culture focused on risk management, because that's what helps leaders make good decisions.
“An effective decision is one that increases your probability of success or decreases your probability of failure," he says. “You've got to consider risk when you're making decisions."
Photo: Getty Images