Risks and rewards

Risks and rewards

Risks and rewards

We all take risks. Most times we do not compute the level of risk – these are the kinds of risks that are part and parcel of daily life. If I lend my son the car, I am running a risk that he might damage it, a risk that he might drive recklessly and injure himself or someone else, a risk that ... if we paid too much attention to such risks we would become paralysed. The same is true within business.

All business decisions involve some level of risk. Again, for most decisions, the level of risk is assumed, not analysed. However, for some decisions the risk rises to a level where some (at least semi-formal) analysis and understanding is required. If nothing else, we may need to show after the event that we had considered the risk we were undertaking.

Of course there is little point in analysing risk unless we then do something about it. The real choices are to find ways of minimising the risk or to find ways of ameliorating the effects if anything goes wrong – having contingency plans in place, for example.

In practice, I have noticed "lip service" being paid to risk analysis. Many organisations have some form of structured risk analysis – the kind where one assesses both the likelihood of something and the consequences of it happening. These two factors are then combined to give a numerical value to "the risk". Too often, though, that is where the process ends. The analyst has done his/her job – computed the risk and added the results to the project/decision documentation. The "system" has delivered.

Another problem with such a process is that "analysts" can be "over-thorough" – identifying all potential risks and classifying and coding them. The real risks may then get lost in this forest of analysis.

Risk management must be more sophisticated. It must analyse in an "exceptional" way so that only the "real" risks are considered – but that these are acted upon. Either we do establish contingency and coping strategies (including, where appropriate, taking out insurance against the risk) – or we analyse our activities to make sure we have a "balanced portfolio" of activities with different levels of non-related risk. This means that if one activity (or a few) has negative consequences, it is more than balanced by those that turn out as planned.

The one thing that risk analysis and management must not do is to make an organisation unduly risk-averse. This would be the equivalent of the "paralysis" at a personal level referred to above. Risk management – in fact management, generally – must accept risk as a normal part of business activity.

High performing companies do take risks. Those that remain high performing over a long period have almost certainly learned to manage risks. The fast rising – and equally fast-falling – stars of the business world often never manage it. They take one unmanaged risk too many – and suffer the consequences.

So the secret with risk is to accept, analyse and act. Anything else is too much of a risk!

John Heap