As is often repeated on this blog and elsewhere, the focus of risk management should not be minimizing harm to the organization but achieving objectives and maximizing success. No company can (…or should) try to avoid all risks. Taking this route can be disastrous, especially in today’s world.
When developing strategy, hopefully your organization is using scenario planning to see if objectives are feasible.
Once risks to these objectives have been identified and their impact and likelihood is understood, the next step is to determine how best to respond.
One option is to avoid the risk altogether. As I explain in a previous article on four common risk response strategies:
When you choose the avoidance option, you’re closing off any possibility that the risk will pose a threat to your enterprise.
But while this may seem like an attractive option, it just isn’t practical in many cases.
The fact is that every organization has to take risks in order to survive and thrive. A previous article on the consequences of not being proactive with risk management provides a glimpse of what can happen to organizations that take a reactive approach or try to avoid risks at all costs.
While your organization may want to avoid a particular risk, there are often cases where this isn’t possible.
Much to our dismay, there are things that are simply out of our control – this is true both professionally and personally.
In the context of your organization, the elements we cannot control are external by default. Some examples can include:
- Legislation or new regulations that will have an impact on the business
- Technological advances
- Changes in consumer demands
- Social issues
- The broader economy
By contrast, internal factors can be changed or can at least be managed.
Take employee compensation. The company has to decide…do we increase pay and benefits to retain talent, or do we want to save money and run the risk of higher employee turnover?
A company’s supply chain is another great example. How is our business dependent on outsiders to fulfill our mission? What redundancies, backups, or insurance options should we have?
For external factors outside of your control, start by finding elements of the risk that you can actually manage.
Although there are risks from outside your organization that you cannot control, often times there are elements of the risk that you can. You may not be able to change the impact or likelihood, so it will simply come down to determining how best to respond.
Motivational author and consultant Bassam Tarazi says it best:
The only thing you can really control is how you react to things out of your control.
Take the list of examples from earlier…
In the case of a new law or regulation, what preparations can be made before the new rules go into effect? Are there ways we can influence this decision (i.e. lobby for change)?
You cannot control shifting consumer demands, but you can change the products you produce or services you offer, how you market them, and so on.
Technological advances are happening whether we like it or not – you can’t avoid it. However, you can determine how to harness technology or address some of the impacts these advances will have on your organization.
The economy is most definitely out of your control, but you can control/influence your organization’s investment strategy, and as I explain here, harness KRIs to see if trouble is brewing.
And last but not least, what about social issues?
We cannot control things that happen or how people (e.g. society) react, but we at least have some control over how these issues impact our organization through our response both internally and/or externally.
There are countless other examples I could mention. In the end, you only have control over so much. The pace of change and the impact external events can have on your organization is a prime exhibit of why a robust ERM process embedded within decision-making is so crucial to success in today’s world.
What approach does your organization take in response to risks and situations outside your control?
To share your thoughts and experiences, leave a comment below or join the conversation on LinkedIn.
And if your organization is struggling to manage unavoidable risks or develop an effective risk-based response to external events, please don’t hesitate to contact me to discuss your specific situation today.
Featured image courtesy of Luca Bravo via Unsplash.com
Receive our Weekly Blog Updates
Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.