Risk Management Paradigm
In a world where 90% of VC backed businesses, and as many as 70% of major IT projects fail, managing risk must be a major job of the CEO and all management teams. Risk must be aggressively managed at all levels of the organization. Though the scope and cost will vary, employees need to be empowered to take risks. It is an integral part of constant improvement, for without improvement any company will eventually die in today's fast changing world economy. It follows then that taking risks must also be an acceptable part of any corporate culture, as there is no progress or reward without some risk.
Risk is ALWAYS there it can come from both known and unknown factors. It is impossible to bring risk to zero because the unknown factors, by definition, can never all be know. i.e. you can never prove that risk does not exists just like you can not prove any negative.
The known factors are the easiest to assess and manage and generally come from the following areas:
Functions of Risk Management
Each risk goes through these functions sequentially, but the activity occurs continuously, concurrently (e.g., risks are tracked in parallel while new risks are identified and analyzed), and iteratively (e.g., the mitigation plan for one risk may yield another risk).
In a development project, the loss describes the impact to the project which could be in the form of diminished quality of the end product, increased costs, delayed completion, or failure.
Risk Versus Opportunity
Risk and opportunity go hand in hand. Many projects strive to advance current capabilities and achieve something that hasn't been done before. The opportunity for advancement cannot be achieved without taking risk. Risk in itself is not bad; risk is essential to progress, and failure is often a key part of learning. In fact the best way to success is often to fail more and faster. But we must learn to balance the possible negative consequences of risk against the potential benefits of its associated opportunity.
Risk Management is a practice with processes, methods, and tools for managing risks in any project. It provides a disciplined environment for proactive decision-making to:
The continuous aspect of risk management is that is it always there and must be managed. There are seven principles which help provide a framework for effective risk management and allow you to objectively access how complete a view you have on each risk:
Risk management is one of the most important and most often ignored aspects of getting a new company or product to profitability. You must be honest with yourself about what factors are out of your control and how to manage them. You must also be willing and able to access where you might be wrong in any of your premises that would impact the business and have an idea what you could do if each one proves true. This can be from assuming you can get a high price, that proves unachievable to not understanding the the customer does not even want to use your product for some very subtle reason that you only discover late in the game. Constant contact with customers is the best way to manage many risks. An advisory board of customers can be really helpful in this process too.
It is too easy to get tunnel vision and "not see the forest for the trees" if you cannot be totally objective, and most people can not, then get outside help to access business and market risks. Although this is not practical on an ongoing basis it is a great starting point to identify the key risks and begin an internal process to access each risk that could literally destroy your business. Once these are identified you can assign the task of monitoring and alleviating each risk to key executives as these may not fall on obvious departmental lines.
is the author of four books on growing companies and CEO of C-Level
Enterprises, Inc. which helps companies grow more rapidly with
products, training and consulting.
The diagram and some structure and text for this article were provided by The Software Engineering Institute (SEI). Additional material and editing has been done by C-Level Enterprises to incorporate specific philosophies developed by us. The SEI is a federally funded research and development center sponsored by the U.S. Department of Defense through the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics [OUSD (AT&L)]. As such this material is available for publication freely.