I have written recently about the lack of effective Risk Management in big business.  I referred to the Harvard Business Review of June 2012 and commented that the issues raised are still relevant today.

You might ask, “So what?  What can we do about it?”

Here are some suggestions drawn from that Review.

The first thing is to divide all risks into these three classifications:

  1. Operational
  2. Strategic

Let us be clear about what these categories are.

  1. Refers to risks arising when things go wrong in the daily operation of the business. These should be preventable.  There should be risk control measures in place and employees should follow the correct procedures.  One underrated way to minimise mishaps like these is to have a policy to encourage whistleblowers.  All too often the culture is heavily biased against blowing whistles.  We should recognise that the whistleblower is doing us all a favour.
  2. Refers to risks arising from decisions made at the top, regardless of how well or otherwise they are implemented.
  3. Refers to circumstances beyond the control of anyone in the business, such as the weather, changes in legislation, the level of economic activity or the actions of the firm’s competitors.

A different approach is needed for each category of risk.  I will be writing in future about the ways to deal with the second and third categories of risk, but a good start is to recognise that there are the three groups and to ask whether you are addressing all of them or devoting all your efforts to managing one.