An MBA student once asked me to give her a simple explanation of the "risk management function." After a few minutes of fumbling, I told her that risk management is the process of identifying, prioritizing, and mitigating the impact of unforeseen (and usually negative) events. In other words, it's a form of proactive contingency planning -- either to completely avoid difficult situations, or prepare for them so that any undesirable consequences are lessened.
Her question got me thinking about who is actually responsible for managing risk in an organization. There are many types of risk, and the official risk management function usually only addresses the most critical ones. For example, in a bank, risk management concentrates on financial risk; in a hospital, the focus is on patient and legal risk; in a manufacturing firm, the concern might be product or environmental liability; and in a utility the priority is outages.
Since these "big" risks are either integral to conducting business or threaten business continuity, it's appropriate that they receive special attention and resources. But on a day-to-day basis, managers face many other types of risk that are less visible and therefore receive less attention. But these risks also need to be managed -- and if you're in a position of leadership, the act of managing them is probably up to you.
Here are a few of those less obvious risks that come to mind:
There are undoubtedly many other types of risk that every leader needs to manage -- staffing or skill gap risks (what happens if we lose some key people?); budgetary risks (how do we get our work done if the budget is cut?); supplier risks (how do I cover a shortage of key materials?); and many more. The often-unrecognized part of the manager's job is to identify these risks and prepare for them should they occur. And that goes for unanticipated positive developments as well, for example how to cope with a sudden surge in orders.
Yet at the same time, one of the recurring themes for managers these days is the need to learn how to take risks, which may seem contradictory to the notion of managing them. But in many ways the thought processes for each are the same. To take risks effectively you need to anticipate the possible impacts of your actions, and then make a conscious decision about whether to go forward or not, or to go forward in a way that will reduce negative consequences.
Perhaps one way of learning how to take risks is to be more conscious about the built-in risk management aspects of your job. If you improve your ability to identify and mitigate the ongoing business risks, it should give you more confidence in dealing with the personal risks required for innovation and working outside the box.
To what extent do you consider yourself a risk manager?
Cross-posted from Harvard Business Online
Follow Ron Ashkenas on Twitter: www.twitter.com/RHSAConsulting