When you hear the word “risk”, many people turn and run, believing it’s something that should be avoided; something that if you ignore, will go away. Many organizations and their management teams – of all levels – have such negative reactions when they hear that 4 letter word. Why? Without facing risk we’d never progress at all. We wouldn’t be flying airplanes and we wouldn’t have innovative people creating new products and services every year. In business, and in fact in our daily lives, it’s almost impossible to achieve some level of success without taking some level of risk. Yet, risk doesn’t need to have a negative connotation.
1. We decide only to act upon those risks we understand and have thoroughly investigated, having reduced our level of anxiety. We understand what we stand to lose or what we stand to gain, and fully understand the level – or chances – of gaining success or failure. .
2. We only act on those risks that we can afford to act on; we know that taking action on the risk might hurt us or delay us in some way but even if we aren’t successful, we can move forward from it.
3. We choose the risks that have an acceptable level of success and reward; ignoring those that don’t provide a high enough level of payoff or success.
Many people think that “risk management” is about eliminating or minimizing risk; not necessarily so. Some risks must be avoided no matter what the circumstances are. For example, no one would want to take a risk that could mean the loss of life, the hurt of a family member – or friends. This should be true for organizations as well. Does an organization really want to do something that may put itself in financial jeopardy, which has the potential to cause a negative public reaction or even put itself out of business? I don’t think so.
Enterprise Risk Management (or ERM) is about understanding the risks of the organization in a consistent way. We build an ERM framework in our lives to make better decisions about taking and managing the risks we encounter. Essentially, we need to make sure we identify what is a risk to us, and our organizations, whether they’re financial risks or operational risks, such as the dreaded risk of ‘system failures’ or making the headlines today – the risk of losing employees because of the H1N1 or H5N1 virus. Do we take the vaccine or don’t we? We then put those risks through our brain against our criteria and determine whether they’re acceptable and worth taking or if we should avoid the risk and move on. But if you’ve put the risk through the criteria in a calm and calculated method, avoiding the risk is simply walking away calmly and keeping an eye open for what’s next. We may even want to take the risk but may not have the support or resources at our disposal to act upon it. Making that decision still doesn’t mean the risk was bad – or a four letter word – but something you walked up to, looked in the face and then made a wise thought out and calculated decision. When you do that, risk isn’t such a bad thing after all.
We all must take responsibility for the risks we encounter during the day and how we respond to them, sometime making good judgments and sometimes not. We have to learn from the bad ones and move on; don’t let them build up and follow you through life. The more you pile up and drag through life, the heavier they get and the harder it is for you – or an organization – to make the right decisions when it counts. Each of us is our own risk manager and if that’s true, risk isn’t such a bad word, is it?