Risk Management Strategies | A step by step Guide
Risk Management Strategies

Risk Management Strategies | A step by step Guide

Last updated on 16th Jul 2020, Blog, General

About author

Kathir (Jira Administrator )

He is a TOP-Rated Domain Expert with 11+ Years Of Experience, Also He is a Respective Technical Recruiter for Past 5 Years & Share's this Informative Articles For Freshers

(5.0) | 15012 Ratings 1636

What is a Risk Management Strategy?

A risk management strategy provides a structured and coherent approach to identifying, assessing and managing risk. It builds in a process for regularly updating and reviewing the assessment based on new developments or actions taken.  A risk management strategy can be developed and implemented by even the smallest of groups or projects or built into a complex strategy for a multi-site international organisation.

    Subscribe For Free Demo


    The process of identifying and reviewing the risks that you face is known as risk assessment.  By assessing risks you are able to be actively aware of where uncertainty surrounding events or outcomes exists and identifying steps that can be taken to protect the organisation, people and assets concerned.  How this is achieved and the level of detail which is considered can vary between organisations.  In many circumstances, where staff or volunteers have a more hands-on role in the organisation, the Management Committee may not carry out the risk assessment themselves.

    Risk Management Strategies

    Example 1:

    Implementing a risk management strategy in a small organisation

    Lone Fathers Action Group set aside one committee meeting per year to review the major risks faced by the group.  One committee member has responsibility for risk management and facilitates the discussion.  They ensure that the discussion is documented and use subsequent meetings to check progress against actions are then followed up in subsequent meetings.  Every 6 months this committee member reports to the committee on any changes in the levels of risk faced.

    Example 2:

    Implementing a risk management strategy in a large organisation

    In Tree Conservation International, risk management is one of the key responsibilities of the Assistant Director.  They provide training for each manager within the organisation to ensure that risk assessment is built into their working practices and to enable them to carry out annual risk assessments of each project, using the organisation’s templates.  These are then collated by the Assistant Director to enable Senior Managers to discuss and assess the overall risks to the organisation.  A prioritised profile of the top 30 risks is then presented to the Management Committee for their consideration to ensure they are happy to accept the risks to the organisation and approve the actions being taken.  This process usually takes 2 months.  Progress is reviewed after 6 months with a report sent to the Management Committee.  Risks are reassessed annually.

    Conducting risk assessment

    Regardless of who carries it out, risk assessment should be:

    • systematic;
    • recorded; and
    • regularly reviewed.

     Make a Plan

    Every business should have a solid risk management plan. Here’s a guide to putting one together.

    The format can vary widely, depending on your company’s needs. A risk management plan for a large, complex business could easily run to hundreds of pages, while a small business might just have a small spreadsheet focusing on the main items.

    There are a few essential items to include in a risk management plan, however. Here they are:

    • a list of individual risks
    • a rating of each risk based on likelihood and impact
    • an assessment of current controls
    • a plan of action

    Let’s look at each of those in turn. If you’ve been following the series so far, you’ll notice that we already covered the first two items in the last tutorial. So we’ve got a good head-start on our plan already. Here’s the sample table we put together last time:

    RiskLikelihood   Impact   Risk Score
    Key client XYZ Corp is late paying its invoice.5210
    Loss of power for more than 24 hours.133
    Our COO Janet leaves the company.4416
    A new competitor undercuts the price of our main product.2510
    Scathing product review from an influential magazine/website.326

    Your full plan will of course have a lot more items, but this example at least illustrates the format. You can refer to the other tutorial for more details about what each score means.

    So to complete our risk management plan, we just need to add two more columns to our table.

    The first new column is an assessment of current controls. For each of the risks you’ve identified, what are you currently doing to control that risk, and how effective is it?

    For example, let’s look at the first item on our table: “Key client XYZ Corp is late paying its invoice.” Maybe you are already controlling for that risk by having automated reminders sent out when the invoice is close to its due date, and having one of your staff members responsible for following up personally with phone calls and emails. You’d list those as existing controls on your risk management plan.

    So the next step is to consider the effectiveness of those actions. How well are things working right now? If your client almost always pays on time, for example, then your controls are effective. But if XYZ Corp has been late with its payments two or three times already this year, the controls are inadequate. Again, you could use a simple five-point scale here:

    1. very inadequate, or non-existent
    2. inadequate
    3. satisfactory
    4. strong
    5. very strong

    Then the final element of your plan details the action you plan to take in order to manage the risk more effectively. What could you do, either to reduce the likelihood of that event happening, or to minimize its impact when it does happen?

    Course Curriculum

    Get JOB Oriented JIRA Certification Course

    Weekday / Weekend BatchesSee Batch Details

    This last item is a little more complex, so we’ll look at it in some more detail in the next section of this tutorial.

    Decide How to Handle Each Risk

    So at this point in the series, we’ve identified all the main risks in our business, prioritized them based on likelihood and impact, and assessed the effectiveness of our current controls.

    The next step is to decide what to do about each risk, so that we can manage them best. In the world of risk management, there are four main strategies:

    1. Avoid it.
    2. Reduce it.
    3. Transfer it.
    4. Accept it.

    Each strategy has its own advantages and disadvantages, and you’ll probably end up using all four. Sometimes it may be necessary to avoid a risk, and other times you’ll want to reduce it, transfer it, or simply accept it. Let’s look at what those terms mean, and how to decide on the right classification to use for each of your own business risks.

    Avoid the Risk

    Sometimes, a risk will be so serious that you simply want to eliminate it, for example by avoiding the activity altogether, or using a completely different approach. If a particular type of trading is very risky, you may decide it’s not worth the potential reward, and abandon it.

    The advantage of this strategy is that it’s the most effective way of dealing with a risk. By stopping the activity that’s causing the potential problems, you eliminate the chance of incurring losses. But the disadvantage is that you also lose out on any benefits too. Risky activities can be very profitable, or perhaps have other benefits for your company. So this strategy is best used as a last resort, when you’ve tried the other strategies and found that the risk level is still too high.

    Risk Management Strategies

    Reduce the Risk

    If you don’t want to abandon the activity altogether, a common approach is to reduce the risk associated with it. Take steps to make the negative outcome less likely to occur, or to minimize its impact when it does occur.

    With our earlier case, “Key client XYZ Corp is late paying its invoice”, for example, we could reduce the likelihood by offering an incentive to the client to pay its bills on time. Maybe a 10% discount for early payment, and a penalty for late payment. Dealing with late-paying customers can be tricky, and we covered it more in our tutorial on managing cash flow more efficiently, but these are a couple of options.

    In the same example, we could reduce the impact by arranging access to a short-term credit facility. That way, even if the client does pay late, we don’t run out of money. For more on short-term borrowing options like factoring and lines of credit, see our tutorial on borrowing money to fund a business.

    This is probably the most common strategy, and is appropriate for a wide range of different risks. It lets you continue with the activity, but with measures in place to make it less dangerous. If done well, you have the best of both worlds. But the danger is that your controls are ineffective, and you end up still suffering the loss that you feared.

    Transfer the Risk

    We’re all familiar with the concept of insurance from our everyday lives, and the same applies in business. An insurance contract is basically a transfer of risk from one party to another, with a payment in return.

    When you own a home, for example, there’s a big risk of losses from fire, theft, and other damage. So you can buy a home insurance policy, and transfer that risk to the insurance company. If anything goes wrong, it’s the insurance company that bears the loss, and in return for that peace of mind, you pay a premium.

    When you own a business, you have the option to transfer many of your risks to an insurance company as well. You can insure your properties and vehicles, and also take out various types of liability insurance to protect yourself from lawsuits. We’ll look at insurance in more detail in the next tutorial in the series, but it’s a good option for dealing with risks that have a large potential impact, as long as you can find an affordable policy.

    Accept the Risk

    As we’ve seen, risk management comes at a price. Avoiding a risk means constricting your company’s activities and missing out on potential benefits. Reducing a risk can involve costly new systems or cumbersome processes and controls. And transferring a risk also has a cost, for example an insurance premium.

    Risk Management Sample Resumes! Download & Edit, Get Noticed by Top Employers! Download

    So in the case of minor risks, it may be best simply to accept them. There’s no sense investing in a whole new suite of expensive software just to mitigate a risk that wouldn’t have had a very big impact anyway. For the risks that received a low score for impact and likelihood, look for a simple, low-cost solution, and if you can’t find one, it may be worth simply accepting the risk and continuing with business as usual.

    The advantage of accepting a risk is pretty clear: there’s no cost, and it frees up resources to focus on more serious risks. The downside is also pretty clear: you have no controls in place. If the impact and likelihood are minor, that may be fine. But make sure you’ve assessed those things correctly, so that you don’t get a nasty surprise.

    Are you looking training with Right Jobs?

    Contact Us
    Get Training Quote for Free