Risk management is the process of discussing, defining, rating, and formulating a contingency plan if those risks transpire. As soon as you wake up each day you are living in world of risk. You risk slipping and falling on your way to work, getting in a fender-bender in the parking lot, slipping and telling your boss to "f-off", forgetting to brush your teeth, and the list goes on and on. For your business or project, there are also risks but business opens up a whole new set of risks. Legal issues, delayed time lines, budget constraints, loss of personnel, inventory issues, regulatory issues and especially in the cannabis industry, disruptions in business due to law enforcement or political agendas. These are all real risks that as a person or business you must recognize and have a fiduciary responsibility to others (family, stakeholders) to pay attention to and make changes if needed. So how? How do identify, estimate and treat risks? This is going to blow your mind.
These are the recommended steps in risk management using a matrix as pictured (in italic are the mandatory steps):
- Identify risks: Just think. What could go wrong? Be realistic, write them down. No wrong answers here. For our business, it's a Sasquatch Attack and for us personally, a fender-bender. If the company has a SWOT analysis, this will help with identifying risks.
- Describe the risk: The risk may have layers. There may be primary, secondary, tertiary risks.
- Estimate the risk:
- First what type of risk is it? Financial, legal, quality management, what area of the business does it affect?
- What is the likeliness of the risk? Rating the risk 1-10, what is the likeliness of this risk happening? Sometimes, as in the case of Sasquatch Attack!, rated 1 on the scale, you will quickly discover that this risk is a phantom risk. In the case of a fender-bender I would rate that as a 7, more than likely we're likely to be in a fender-bender.
- What would be the impact of the risk? Again rate the impact 1-10. If a there was a Sasquatch Attack! the impact would be a 6...I couldn't imagine the carnage. For a fender-bender the impact would also be high, maybe a 8.
- Delegate risk: Who's in charge of this risk and the person that is enabled and in charge of detecting and acting upon the risk.
- Quantify the risk. Taking your likeliness number and impact number, add them up. Hey, you just quantified risk! How's it feel, amazing right?! Sasquatch is a 7 and fender-bender is a 17. Note: Quantifying is a TOOL in risk management and not the final word, use common sense along with these steps and tools.
- Decide on the overall levels of risks and if it warrants a treatment. If a risk rates 5 and under the treatment might be nothing. You can't do anything about it, but play "damage control" if the risk transpires. If the risk is likely and will have a high impact, as in the fender-bender and scores a 17, it will need a treatment. As for the Sasquatch attack, with a score of 7, the heaviness of the likeliness factor would probably drag this risk into the same realm of doing nothing. If it's not going to happen, forget about it.
- Make changes, consult others, insure or other for risks requiring treatment. Now that the risks have been identified, described, delegated and evaluated, you need to do something about it. In the case of the fender-bender one may take a driving class and obtain insurance. It can also be being very diligent and not distracted while in a Costco parking lot. For other scenarios it may require expert advice, so bringing in a consultant, getting legal advice or, if the risk is extremely likely and will have a high impact, may lead to scrapping the entire project.
- Monitor for risks. Know what you're looking for and keep a look out for indicators.
So there you go. An easy step by step in evaluating risk and being another step ahead in the game.
Keep growing,
Aaron
No comments:
Post a Comment