Where do we begin
So you’ve decided risk management is a good idea but where do we begin thinking about all the risks we face?
We could refer to the definition of risk which is uncertain factors or events that can affect the achievement of business objectives. This means thinking about your goals and identify what could stop your success. One of our guiding principles refers to holistic thinking and a classic risk model that helps us think holistically is the STO – Strategic, Tactical and Operational model shown here.
My organisation face hundreds of risks
The problem is that most organisations are complex, which mean you may be facing hundreds of risks. At GOAT, we believe no one should be looking at any more than 10-12 risks so they can focus on what matters. This is not to say a big complex organisation only has a dozen risks, rather it means oversight and management needs to be distributed similar to an organisation structure. For example, the Board and CEO and might focus on the 10-12 principal risks often included in annual reports and presentations to investors. These would be owned by Senior leaders reporting into the CEO, but if the organisation is substantial enough, then each Senior leader might be responsible for a department, business unit or team and they might have their own 10-12 risks which is distributed amongst their direct reports. This ensures risk is owned and managed at the right level and can be quickly escalated up the organisation.
For those needing more specific help to identify risks, a risk universe is a great starting point that you can use to prompt the thinking. We share a simple one below, it’s not meant to have everything under the sun but summarised at a high enough level that most specific risks can fit into these categories. Be sure to make the risks meaningful by making them your own.
Download a one page version of this post to get a closer look at the Risk Universe