You are already managing risks

How do we start to manage our risks?

It’s an often heard question when talking to organizations about risk management. The honest answer to that is that most organizations already manage risk. It’s often just not called risk management.

Risk management by any other name

Let’s look at a number of examples of risk management which are not necessarily recognized as such:
* Any organization that develops processes to optimize its activities is managing risk. It is managing the risks of its operations not running in an effective and efficient manner;
* Any organization that has a people retention policy is managing risk. It’s managing the risk that good people will leave because they have no clear view on their future development within the company;
* Any organization that has someone who gathers all press articles about it or its sector is managing risk. It is managing the risk that there are opinions or evolutions out there about itself or its market it would not know about.

Integrated risk management occurs enterprise wide

More than starting with risk management, organizations have a need to structure, integrate and optimize risk management. It’s not really about whether or not you manage risk, it’s about how to do it in the most appropriate of manners. And it’s about making the most of risk management.

High level assessment of the appropriateness of current risk management practices

So, if you are hesitant about starting up risk management, don’t be. Chances are you are already managing risk. The question therefore should be whether you are spending the money you spend on risk management in the most appropriate manner. This comes down to asking three basic questions:
1. Are we managing risk in the most optimal integrated manner for our organization? Are we aware of all initiatives being taken and are we integrating them in order to be as cost-effective about risk management as we can be?
2. If we are doing that, do we find optimization opportunities for risk management across functions? Are other functions handling similar issues in different, better ways and do we know about it?
3. Given that, are we exploiting the opportunities to the maximum extent? Risk management is not just about managing the downside. It is also about exploiting the upside, a dimension quite often forgotten.

If you can answer these three questions, you will have a better view on where you are and where you should be going.