1. Introduction
The first two parts of the Global Risk Report 2014 deal with processes that are analogous to some of the planning processes of Risk Management used in project management: Plan Risk Management, Identify Risks, and Perform Qualitative and Quantitative Risk Analysis. Part Three of the Global Risk Report 2014 deals with the next process, which is Plan Risk Responses.
2. General Risk Strategies
There are four general strategies for dealing with risk, depending on whether they are negative risks (threats) or positive risks (opportunities). Which strategy to use depends on two factors: the probability of the risk occurring and the impact that it would have on the project if it were to occur. For the sake of simplicity, let’s categorize both the probability and impact of a risk into high and low categories. Then we have the following matrix for negative risks and positive risks:
| Probability | Impact | Strategy (-) | Strategy (+) |
| High | High | Avoid | Exploit |
| Low | High | Transfer | Share |
| High | Low | Mitigate | Enhance |
| Low | Low | Accept | Accept |
3. Strategies for negative risks or threats
a. Accept
As can be seen, if the risk is low in terms of probability and impact, you can simply accept it. Accepting a risk does not mean ignoring it: risks in these categories that are accepted are put in a watch list. During the course of the project, this watch list should be reviewed to see if the probability and/or impact of the risk has increased.
b. Avoid
On the opposite end of the scale, if the probability and impact are high, you should so all you can to avoid that risk. Some ways of avoiding risk are by clarifying requirements so that the potentially high-risk portions of the scope are excluded, or if the risk is to the schedule, by extending the schedule.
c. Transfer
Now, if the impact is high and the probability is low, you may want to transfer the risk to a third party. Examples in the case of manufacturing would include the purchasing of product liability insurance or, if the risk has to do with a certain component, outsourcing the manufacturing of that component to a company that is better equipped to handle it.
d. Mitigate
A fourth strategy occurs when either the impact or the probability is high, and that is to mitigate the risk by lowering the probability of it occurring, or reducing the impact on the project if it occurs.
4. Additional Risk Strategies
Besides the basic four strategies listed above, there are more specific strategies that are mentioned in the Global Risk Report. Most of these are for the reduction of the potential impact of a risk if it were to occur, so they can be considered specific examples of the general “mitigate” strategy listed above.
| Risk Strategy | Explanation |
| Accountability Measures | Finding ways to incentivize individual employees not to cut corners in ways that would normally be undetectable but would increase a firm’s vulnerability in a crisis, such as failing to maintain back-ups. Some firms hire external consultants to assess how effectively they are mitigating risks identified as priorities. |
| Supply-chain Diversification | Sourcing supplies and raw materials from multiple providers in different locations to minimize disruption if one link in the supply chain is broken. Another hedge against sudden unavailability of inputs is to maintain an excess inventory of finished products. |
| Early-Warming Systems | Some firms employ their own teams to scan for specific risks that may be brewing, from political crises, for example, to storms off the coast of Africa that may become hurricanes in the US in the next fortnight. |
| Simulations and tabletop exercises | Many firms simulate crisis situations; for example, by making critical staff unexpectedly unavailable and assessing how other employees cope. Such exercises can capture lessons to be integrated into the risk-management strategy. |
| Back-up sites | Many firms are set up so that if one or more factory or office becomes unusable, others are quickly able to assume the same functions. |
5. CONCLUSION
This gives an example of the kind of risk response thinking that firms use in project management and in enterprise-level risk management. These principles must be adapted to global risks, and the next post will give examples of risk response strategies discussed in the Global Risk Report 2014.
Filed under: Uncategorized |
Leave a Reply