A frequently asked question
“Why do you insist on using a risk (identification) model as the basis for risk management? We can easily do this without a model” It’s a question that comes up on occasion when I am teaching risk management or executing a risk assessment. It’s a relevant question. I’ve put together 5 good reasons to use a risk model, but there are many more, I am sure.
My five main reasons for using a risk identification model
- Clear and consistent understanding of the risks – People’s perception of reality will lead their interpretation of it. While a banana will surely be a banana for most of us, what do we mean by client satisfaction, or workforce motivation? A risk (identification) model will reduced the burden of having to explain every risk related idea and concept as they are already defined in the model;
- Neutrality of the risk description and questions – Although not a direct result of developing a model, the fact it will be used by more than one person leads to a more neutral description of the risks, especially if the participants can propose amendments to the risk descriptions;
- Higher degree of completeness of the risks in the analysis – A key challenge in risk analysis and management is to ensure as high a level of completeness (a reasonable assurance on completeness of the risks) as you can. The use of a model will help participants identify the risks that are not represented by providing a comparative baseline for the risk universe;
- Structuring the risks – a well developed risk (identification) model will provide a structural baseline, which will allow the participants to link risks to areas of occurrence (e.g. does this risk occur in my environment, in my operations or in my decision taking) and to their nature (e.g. is this about the way my process is structured or about the level of job satisfaction of my personnel?)
- Reuse – perhaps the most relevant of reasons: we’ve noted that once an organization has gone through the effort of developing an elaborate risk (identification) model, the model is most of the time reusable in other departments or processes as up to 80% of the risks can be similar in nature.