In the simplest of terms, risk management helps you function in the real world. Organizations are under constant assault from both anticipated and unanticipated events which threaten to derail their plans. Risk management is what helps them understand, prepare for and react to these events. The largest firms will spend thousands of hours and billions of dollars on risk and compliance annually and there are dozens of different standards or methodologies to help guide the risk manager. But what do you do if you are a small organization and there is no money for training or consulting? Or if risk management is the second or third responsibility on your job description – the one you never quite get around to?
If you find yourself in this position, you need something simple, robust and accessible. This is the core focus for Riskademy. Essentially, this is the material I wished that I had when I started as a risk manager. This is the culmination of over 15 years of risk management consulting, research, education and trial and error. When you read about Bob, the fictitious risk manager I use to illustrate some of the concepts, I am essentially talking about myself all of those years ago. If nothing else, these materials should help you avoid making the mistakes I made along the way and save you some reading.
The Risk Management Model
With accessibility and simplicity in mind, Riskademy’s risk management model is based on three main components – Understand, Address, and Monitor & Respond.
- Understand – Everything you do to understand the risks your organization faces and how these can affect its objectives.
- Address – The specific steps taken to minimize downside risks and to maximize opportunities, all aimed at supporting the organization’s objectives.
- Monitor & Respond – Ongoing monitoring to identify any changes to normal operations allows additional controls or response measures to be implemented to address risk events.
Supporting these three main components are system maintenance activities to keep things running smoothly.
This three-part framework keeps things simple and is easier to implement than something with six or seven elements. Despite this brevity, all of the main elements of a risk management system are still represented in this framework, it’s just the structure that is more straightforward.
These three components and the maintenance activities are broken down into twelve core elements which provide a foundation for risk management. They can be applied in the majority of situations. These twelve core elements cover the theoretical aspects of risk management, explain the practical application of these concepts and provide additional guidance for the day-to-day maintenance of a risk management programme.
This system is designed to be practical, quickly deployable and applicable in organizations without a dedicated staff or significant budget for risk management. Nevertheless, these elements are theoretically sound and adhere to well-recognized principles meaning that this system is scalable, robust and can be integrated into more formal risk management systems at later date.
12 Core Elements for Risk Management
Monitor and Respond
- Trigger monitoring and horizon scanning
- Program management
- Change management
- The risk manager’s role
These twelve elements develop the risk management system in a layered fashion, beginning with a theoretical foundation before moving on to practical how-to articles, accompanied by tools and templates to help with implementation.
For example, the first module on Understanding contains the following elements:
- What Do You Mean By…Risk? – a short essay defining risk and the associated terms
- How to…conduct a risk assessment – explains the steps in the risk assessment process along with some specific processes to apply
- A risk assessment spreadsheet template – will automate a number of the steps to speed up the assessment process. You just need to supply the info. If you need something more powerful, the DCDR software tool might help.
Risk management is an enormous subject and each of the topics above could easily keep us busy for months. Moreover, there are all kinds of nooks and crannies we could get lost in but these twelve elements should provide enough to get you started as a risk manager. If you only want to be ‘risk aware’, these core topics might be all you need. The ‘top-twelve’ also provides a solid foundation that can be built on over time for someone just starting out as a risk manager.
The only health-warning is to note that the how-to articles and tools assume that you are comfortable with the underlying theory. If you are new to risk management, start with the theoretical elements to put things into context. I found that understanding the theoretical side (which I came to relatively late) really helped me with the practical application. I’m not saying you have to read lots of academic papers to be a risk manager, but you will be a more effective risk manager if you have a good grasp of the theory. On the plus side, having read through a lot of academic and theoretical material myself, I hope I can point you to the most relevant material as early as possible.
So that’s the foundation for both the concepts taught in Riskademy and the structure for the training courses themselves. The Risk Management Foundation course will launch in mid- to late 2017 but a shorter, Risk Manager’s Basics course will launch in June to meet the immediate needs of anyone who has to start work on a risk assessment now.
Please comment if you think something has been overlooked. After all, this is a resource for people to use so it has to provide what people actually need. Also, use the link below to sign up for more information on course launches and to get access to material prior to open release.