Here we are in the middle of the COVID-19 pandemic when travel restrictions apply, social-distancing is the new normal, and our operations have been severely affected by these unprecedented times!
Yet, for well-organised Indigenous corporations who have conducted Risk Management Planning, they will have been able to re-organise and pivot because of their plans.
So, what is Risk Management Planning?
Risk Management Planning is the process of:
- Identifying the risks that your organisation faces,
- Analysing and assessing those risks,
- And then developing strategies to manage those risks.
The recent Covid-19 pandemic is a good example of how a well-prepared organisation with disaster-management strategies may have been better prepared to deal with it than another organisation that did not prepare and had to make up actions as it developed.
It is unlikely that any organisation predicted a global pandemic with such nasty health impacts that could shut down the world within weeks. However, some organisations may have identified some risk-event that could force the organisation to temporarily shut down.
Such an organisation may then have been able to adapt their strategies to deal with a Covid-19 enforced shutdown.
While the risks can vary from organisation to organisation and even within organisations from activity to activity, the process of preparing a Risk Management Plan is a common, logical step-by-step process that anyone can follow.
There are four steps in the Risk Management Planning Process.
They are: -
Step 1 Identify the risks
Step 2 Assess the risks
Step 3 Map the risks on a Risk Matrix
Step 4 Create strategies to manage the risks
The first step in preparing your Risk Management Plan is to identify the risks that your organisation faces.
A process to follow when you identify risk might be to first review your organisation’s activities:
- What are your key business systems?
- What are your core services and “back-room” activities?
- How is your staff organised?
- What are some critical resources?
- What could negatively affect your systems, services and activities, staff or resources?
Next, you might want to review trends in society and economics affecting your organisation.
Assessing both your operational model and the world around your organisation will help you think about what aspects you cannot work without, and what might happen to them. In particular, you might want to evaluate your work procedures (checklists, processes etc.) to see which parts or steps are open to risk.
Step 2 is to assess the risks.
Not all risk-events have to be actively managed.
For example, there may be a risk in a meals-on-wheels service that one of the cookers might break down. If you had several active cookers, the risk of one of them breaking down may be a risk you accept and deal with it only when it happens.
However, if it is your only cooker, then the risk could be a major risk and you have to do something to manage it actively.
The level of risk is a function of the likelihood of that risk happening and the consequence of that risk happening.
A risk that will almost certainly occur, and if it occurs will have a catastrophic effect on your organisation has a high level of risk.
On the other hand, a risk-event that is totally unlikely to happen and will only have a marginal effect on your organisation has a low level of risk.
Identifying the level of risk allows you to prioritise and allocate your resources accordingly.
The process to assess the risks you have identified is therefore two-fold: -
- First, you assess the likelihood of it happening; then
- You assess what the impact of it on your organisation could be.
Step 3 is to map the risks on a Risk Matrix.
In the Risk Matrix, on the left-hand axis is the scale of Likelihood, ranging from “Rare” at the bottom, to “Certain” at the top. On the bottom axis is the scale of Consequences, ranging from “Negligible” on the left to “Catastrophic” on the right.
For example if you have ranked a risk as "Likely" and "Catastrophic" you would write that risk on the Risk Matrix where the red "X" is marked.
The Risk Matrix represents a one-page picture of all of your identified risks, and of how critical each of those risks is. It helps you prioritise the actions you need to take to manage the risks.
From the analysis in the Risk Matrix, you can then decide on strategies in Step 4, and doing so, allocate time and resources to either reducing the likelihood of the risk-event taking place, or to reduce the impact and consequences if it did take place.
By understanding what risks your organisation faces, and what the risk-events mean to your organisation, you can find ways to reduce their impact before they happen. This is an incredibly powerful tool, especially if coupled with a contingency plan for your most critical risks.
I am planning an online Risk Management Planning program, designed to assist Indigenous organisations to prepare their own Risk Management Plans.
It will explain what a Risk Management Plan is and how you can use it to better manage your organisation.
It will take you step-by-step into the process so that you prepare your own Risk Management Plan as you follow the program on your computer.
If you are interested in learning more when the programme is ready, click here to give me your details and I will let you know when it is available for you to review and see if it is suitable for your organisation.