Risk management is one of the more important roles of a manager and a skill that makes a huge difference in the success you achieve. When you really think about it, it shouldn’t be too difficult given that risk management is something we’ve done constantly from the day we’ve been able to make our own decisions. Remember that time you looked down a set of stairs while straddling your bicycle and thought, “can I do this?” I do. And yes, that was one time my risk assessment failed me (thankfully, I was able to jump ship when it was obvious I made the wrong decision).
As much as it’s been a part of our lives for a long time though, risk isn’t quite as simple in the context of business and management.
What Is A Risk?
Basically, it’s the possibility of something going wrong, and it’s often the price we need to pay to pursue an opportunity, which itself is the possibility of a reward. Bigger opportunities come with higher risks, and key to decision-making is weighing in on whether the opportunity is worth the risk. It’s a beautiful push-and-pull, really, and it rules a lot of the work we do in management.
While some decisions have a solid value exchange tied to it, such as when purchasing a commodity, opportunities and risks are only possibilities. This can make decision making a little more complex.
Before I go further, I just wanted to let you know that I’ve made a template on Trello that might help you work practically with this whole concept of risk management. Hopefully, you find it useful. Check out this link for my Trello board templates!
There are two factors to think about when assessing a risk – the probability and the impact.
Assessing probability is simply considering how likely it is that the risk turns into a problem. It could be as simple as a scale of three (high, medium, and low) or you could go all out with a percentage, if the data is available. Rating the probability of a risk turning into an issue gives you a good idea about the urgency of dealing with it.
The impact of a risk is usually more multi-dimensional compared to the probability. If you’re like me, you’d love to see numbers to represent the impact. Financial impact is probably the most tangible way to assess this and in many cases, it’s easy to attach currency to the possible damage the problem would cause. There are other less tangible impact to think about though, such as effort, opportunity loss, and damage to reputation.
Once you’ve identified and assessed all your risks, it’s time to make the first and possibly most important decision – is it worth it? Yes? If you’re mostly convinced it’s worth a go, then it’s time to figure out how to best deal with those risks.
Dealing with risks
The fundamental way to deal with risks is to create a preventive measure to eliminate or reduce the probability of the issue occurring and a countermeasure or mitigation plan to address the impact if and when an issue actually occurs.
There’s actually a couple other things you can do (or not do) that are not usually explicitly talked about in textbooks, and these are “absorbing” and “transferring” risks. In essence, these two are actually more specific ways to prevent and mitigate risks, but I like to keep these in mind because people (myself included) tend to forget that these are options.
Personally, I find this decision table a good basis for managing risks, though take it with a grain of salt, as real-life situations are rarely so simple.
The lower the probability of the risk occurring, the more leverage you have to put off, transfer, or ignore it completely. Likewise, a lower impact gives you an opportunity to accept the fact that it might occur and address it only when it does.
Otherwise known as “prevent”, eliminating a risk means putting safeguards in place to make the risk very unlikely (or in best case, impossible) to turn into an actual problem. For example, taking on a project in a field where your team has no prior experience comes with the risk of delayed deliveries or poor quality. You may want to eliminate the risk by hiring someone who has a proven track record in the area to work with your team.
Plan To Mitigate
In this case, you don’t have to do anything immediately to eliminate the risk. However, you need to have a solid plan on what to do in case the risk becomes an issue. This will often be the best call when there’s virtually no way to prevent the risk from happening (for example, if it’s a completely external factor with little predictability like foreign exchange rates or inflation).
Pushing some risky code to production? As long as your support team is ready to answer customers and roll back if shit hits the fan, it should be a go ahead. If rolling back is not an economical option, however, such as in manufacturing, you might want to reconsider eliminating the risk from the beginning.
Sometimes, it makes the most sense to have someone more experienced deal with the risk on your behalf. Insurance is one of the most basic ways to do this, particularly when the impact of the risk is mostly financial. Executing a waiver is another way to transfer your risk, effectively passing it on to your customer.
Admittedly, transferring a risk almost never absolves you completely from the impact, as certain things, such as reputation and trust, are never transferable to another party. Someone else may be paying the financial cost and you may not be legally liable, but if you fail in any way, there’s an absolute possibility you’ll end up losing customers.
Simply put, you do nothing. It may seem counterproductive at first, but really, there will be a lot of times when the best thing you can do is to do nothing. This way, you can divert your attention and resources to other things that are more important.
Will there be consequences to doing nothing? Definitely maybe. But if you did your risk assessment right, the impact of the risks you take no action on should be minimal at the very least, if they happen at all.
In a nutshell…
Let’s face it, a lot of work and business is essentially gambling. Unlike many forms of gambling, however, only a small part of it is up to chance. Fortunately for us, there’s a level of certainty that’s inherently there and over which we have a decent amount of control.
Almost all decisions you need to make, even the most straightforward ones, will carry with it some risks. Your job is to figure out which risks are worth taking and to make sure you’re getting equivalent value in exchange. Once you do, it then becomes your responsibility to decide how to best deal with the risks and to follow through until they become virtually a non-factor.
Dexter is an engineering manager at Synacy, a co-founder of ATeam Business Software Solutions, and founder of TechManagement.Life. He loves to share his experiences and thoughts on managing software teams and running businesses.