pmmagazine.net

Your monthly dose of insightful Project Management articles

pmmagazine.net

Your monthly dose of Project Management articles.

Risk Management

Decision risk management - made simple

By Hans Læssøe | Mar 25, 2019
Decision risk management - made simple

A lot of risk management activities are essentially operational tasks based on prudent cost benefit considerations – like hedging currencies, buying insurances, running safety programs for people and (IT) systems etc. Let us leave that as operations for now.

Decisions made and actions taken are however, all related to the future – just as we are going to spend the rest of our lives in it. Still, business decisions are too often not risk managed with any kind of systematic approach. Why not?

Leaders rightly focus on performance, not on risks. Thus, they do not have, nor give themselves, time to consider things that may never happen anyway. This way they may save several minutes on a small decision and potentially hours or even days on a large strategic decision.

That is not intelligent business decision making.

To support improving this, let me propose a simple way to do prudent risk management – one which may take just minutes to do on your own if/when this is deemed adequate, and one which can easily be scaled up to a full fletched analytical proactive decision risk management activity, when that is the optimal value add. The approach comes in four steps:

Targeting – Identifying – Prioritising – Acting or “TIPA” as a short memory word.

 Step 1 – Targeting

You are about to make a decision or initiate an action of whatever size. The targeting question is, how can you tell a success from a failure. Even for a small/fast decision – consider – “when all the dust has settled, how do you know you made the right decision”.

Define what is your target/aspiration and how you see/measure it.

Blatantly, and based on Douglas Hubbard’s best-seller “How to measure anything” – if you cannot measure/see the difference between the right and the wrong decision – the choice you make does not matter. But - let us agree – it does matter, and thus it can be seen and hence measured. The target will be some performance metric.

This step implicitly includes deciding what you will do to meet your target.

 Step 2 – Identifying

According to the ISO 31000 standard, risks affect performance and can do so in positive as well as negative ways (the standard actually states that risks affects objectives, but I disagree on that detail).

Hence, do remember to look for “positive risks” with the same tenacity as looking for negative risks. Leveraging a 100,000$ opportunity is, after all, as valuable for you as avoiding a 100,000$ risk.

Then, look holistically. Do not just focus on the process/activity you are about to decide upon (which is in the middle of the model below). You also have to look at which risks (good or bad) may emerge from-, or can be imposed:

  • Upstream – the processes and activities that comes before, whatever activity/process/area you are looking at with the decision you are contemplating.
  • Downstream – processes and activities that comes after what activity/process/area you are looking at with this decision.
  • Supporting functions/processes – such as IT, HR, Finance or whatever supporting processes and activities are there for your area of focus.
  • External conditions – be it legislative, market/competitive, technological, environmental, reputational, and such issues which also may affect your decision.

Not all of these five “boxes” will be equally relevant for every decision. If so, you may park those not relevant after having thought it through. For easy reference, you can leverage a model like the one shown here.

Step 3 – Prioritising

This step is somewhat analytical. For each risk/opportunity you identify, address “how important is this”. For small and simple decisions under known circumstances, this may be based on just your immediate thought based on experience … although you should be careful about that as human beings are immensely biased when making decisions. As a tip – try acting like a software when you do something. Ask yourself “are you sure?” before deciding.

For even slightly more complex or larger issues – do make the analyses based on facts – and/or ask a subject matter expert, in your organisation to do so. This way, you can validly prioritize based on facts and not some opaque and biased gut feeling.

This prioritisation means that you decide to act on some of the risks, others you decide to accept without further ado. That is your call as decision maker.

 Step 4 – Acting

Last. Looking at the opportunities you wish to leverage and the risk you wish to mitigate/handle – the question is “how” – what will you do/which actions will you take. Define what to do, and embed in your planning/execution.

This will add activities and hence time and costs to whatever you do to execute on your decision – but you have decided it will benefit the outcome of the decision (haven’t you?).

 Closing

Now, I have not mentioned anything about reporting and follow-up or the like. Do that the same way as you would without the risk management – potentially with a few added measures embedded to monitor risk exposure – just add what you need.

So! Summing up - all it takes to make value adding and proactive decision risk management … is just responding to a few questions:

  • What do you aim for, and how do you plan to get there?
  • What may happen?
  • How important is that?
  • What will you do about it?

Naturally – the more complex or “large” the decision – the more diligent you should be. But even for the smallest decision you make, it will add value to your decision making to spend a bit of time thinking it through in a systematic way.

After all, prevention is better than cure, or as Benjamin Franklin stated more than 200 years ago “by failing to prepare, you are preparing to fail”.

Implementing proactive decision focused risk management does not need to be more complicated than that. However, when looking at complex decisions with multiple options and/or strategies aimed to be effective for years into the future – it will require some effort to optimize the balance between planning and execution – optimizing performance.

With this in place as a standard business practice, you are no longer managing risks, but executing intelligent risk taking and hereby gaining a competitive advantage over those who still make gut-feeling decisions and then try to rescue these by reactive management of risks afterwards.

 Good Luck – and remember, “luck favours the prepared” as Luis Pasteur stated.

Source


Published at pmmagazine.net with the consent of the author

Hans Læssøe

About author

Driving manoeuvrability as a competitive advantage

Hans Læssøe M. Sc. has 35 years of industry experience from the LEGO Group covering IT, manufacturing capacity planning, benchmarking and strategy, over product development, strategic planning and financial and strategic business controlling.

From 2007 Hans Læssøe established and lead the LEGO Group’s Strategic Risk Management function as a new entity. Over the years, this functional area was expanded to cover Strategic Scenario Planning, Project Risk and Opportunity management as well as Enterprise Risk Management. The processes and tools developed are today standard operating procedures at the LEGO Group. Over the years, Hans Læssøe and through him, the LEGO Group won multiple International awards for the competency and value of the efforts.

Hans Læssøe has been member of Danish, European as well as US risk management networks, and served on the RIMS Strategic Risk Management Development Council. Hans Læssøe is co-author of the RIMS Strategic Risk Management Implementation Guide.

Hans Læssøe is author and co-author of multiple articles in international magazines. In February 2018, Hans Læssøe published the book “Prepare to Dare” on implementing and leveraging risk management tools and processes to truly create value for the organisation. Hans Læssøe have also given multiple keynote and other speeches at conferences.

Hans Læssøe is a Certified Professional and Approved Lead Trainer on the ISO 31000 risk management standard.

In 2017 Hans Læssøe founded the consulting company AKTUS, where the name is based on the Danish words “Aktiv Usikkerhed”, i.e. Active Uncertainty and the belief that uncertainties are a fact of life. Hence as a business leader you may as well use these actively as leverage to drive competitive advantage. The perspective of AKTUS consulting is to go beyond traditional risk management and enable deliberate and intelligent risk taking.

View all articles
    •  
    •  

Hans Læssøe

Driving manoeuvrability as a competitive advantage

    •  
    •  
Total Articles: 1
Risk Management 1