Risk management is one of many essential skills not taught in our undergraduate degrees. The adage, “good judgment comes from experience, and experience comes from bad judgment”, is an effective description of our on the job learning approach to managing risk. Unfortunately professional success depends upon the ability to manage risk, and there is often a direct correlation between both the compensation of an individual and the amount of risk he or she manages. As a result, leaving this skill to be honed on the job can often be a disservice to our organizations.
In my previous company I developed a risk management framework to help me better consistently manage the increased span of my post-acquisition role. I used to call the framework Plan B, based on the constant question I would ask my managers (“What’s your plan B?”). The framework is not likely to be used in an MBA program any time soon ;), but I thought it was worth posting to solicit feedback.
The model works like this: all risks can be categorized based on their likelihood to occur and impact in the event they do occur. Using high, medium and low rankings, any risk can be categorized in a 9-box table (see chart). A critical risk is when there is a high impact to the risk and either a high or medium probability of occurring; a low risk has low impact and either low or medium probability, or a low probability and medium impact. Low risks can be accepted, with no defined strategy for mitigating. Moderate risks require a defined and viable plan B that can be executed in the event the plan A does not work. Critical risks require both a plan B and C.
When defining plan Bs and Cs, it is necessary to define what I call a “tripwire date” - a date by which you or your team commit to transition from one plan to another in the event the risk has not been eliminated. By defining both the alternative plan and the tripwire date up front, the decision to transition from one course of action to another is rendered clinical, and thus more consistently executed. I also have on several occasions run two plans parallel for critical risks, an option that is likely less available in smaller organizations.
While Plan B is a simple approach, it has substantially improved the consistency of my personal risk management. I'd be interested in hearing your tips and techniques around managing risks.