What is Risk Management?
At its simplest, “risk management” is managing actual or potential risk. In any organisation, leaders should always be testing the boundaries of risk while pursuing long-term organisational goals. While the future is unknown, potential or probable events and circumstances can be risk managed, particularly when they are within the control of the organisation.
At best, risk management engenders a mindset that values enquiry and considered action. At worst, it is a “tick box” exercise that can lead to a false sense of security. Good risk management assesses the likelihood of something eventuating against the consequences of such an eventuation, and weighs those against the cost such management will incur. The definition of cost should extend beyond the monetary cost, to include health and safety, an organisation’s reputation, and the legal consequences that could arise from poor risk management.
Successful Risk Management
The key to success combines responsible governance and operations (including implementing a strong policy framework), diversifying wherever possible to spread risk, shifting risk to another entity (if at all possible), and consciously electing to avoid a risk that is catastrophic and incapable of mitigation.
Importantly, organisations need to have a robust risk management policy framework that helps balance the management of risk within the current operational mission and activity. Such policies guide staff and the Board in determining what risks will be borne by the organisation, and how those risks will be dealt with.
Good risk management involves bringing all of the elements together cohesively, including acknowledging their interdependencies.