How to Develop a Risk Management Plan

Risk management is a necessary part of business. Identifying and developing strategies for dealing with risk are crucial for success. You can’t just cross your fingers and hope for the best.

For any project or change, risk will exist. It needs to be identified, and then you either try and avoid it, reduce it, or accept it depending on a number of variables. There’s no one right way to develop a risk management plan, but there are several key components that you’ll want to include.

What is Risk?

In the business world, risk can be defined as the likelihood something will happen, and the impact it could have.

Wikihow defines it, then, as Risk = Probability x Impact.

It’s not a science by any stretch, and different companies will have different formulas for identifying it.

Step 1: Identify the Project or Change

What is being examined? It could be switching suppliers, moving to a new retail location, downsizing the staff, launching a new product, or anything else. Whatever it is, you first identify it, and then speak to everyone involved or connected to it. Have a risk management meeting where all the people involved or affected get together and brainstorm the possible risks (sometimes called “events”) that might occur because of it.

Step 2: Identify the Events that Might Occur

Have the group brainstorm the possible fallout from the project or change - what might happen? List them. Take notes. New supplier? They might not deliver on time. Switching retail location? Current customers may not follow you. Be specific.

Step 3: Determine the Likelihood for Each Event

For each possible event, decide on a likelihood or probability of it actually happening. Some companies assign a simple high, medium, or low. Others use a numerical system (Wikihow suggests using 0.00-0.33 for low probability, 0.34-0.66 for medium, and 0.67-1.00 for high). If there is no chance of something happening, remove it from your list. Is there any way to reduce the likelihood of the event? Any changes or tweaks that could be implemented? Strategize and re-evaluate as necessary.

Step 4: Determine the Effect of Each Event

What would the likely outcome be for each possible event? What would the negative impact be on the project or business as a whole? Assign either low, medium, or high, or a numerical value. Is there any way to reduce the negative effect of the event? Any changes or tweaks that could be implemented? Strategize and re-evaluate as necessary.

Step 5: Calculate the Risk (aka Exposure, or Threat)

Determine the overall risk for each relevant event (this is much easier if you’ve assigned numerical value). Is each individual event low, medium, or high risk? What’s the risk for the project or change as a whole? For example, if the events are all medium risk, then that’s the average. The project itself is medium risk.

A project or change with an overall average of low is definitely worth doing. A medium needs strategies in place to deal with the fall out. A high risk might be too costly and should be shelved until more effective strategies and methods of dealing with it can be created.

Step 6: Assign Roles and Responsibilities

At the end of it all, you should have a detailed list of possible events, their risk value, and strategies to deal with them. Assign roles and responsibilities to everyone involved. Who’s in charge or doing what? Strategies for dealing with risk, no matter how good, only work when successfully implemented.

Risk and business go hand in hand. It’s next to impossible to avoid it. Your best defence is to see it coming, and develop ways to minimize the damage. Avoid it if you can (too high? Not worth it). Reduce it when possible (implement those strategies your team created). And yes, accept it sometimes (when it’s either very low, or outside your control).

Photo Credit: Mdd

Public Domain

CV Writing Services
CV Writing Services