This post is intended to provide the foundational concepts around sustainable risk management. This post also recommends adopting sustainable risk management as a core discipline within sustainable change delivery. This is part of a series that provides the foundation for understanding sustainable change delivery.
“It is far better to grasp the universe as it really is than to persist in delusion, however satisfying and reassuring” – Carl Sagan (1997).
(Quote borrowed from Douglas Hubbard’s The Failure of Risk Management)
Risk management is a core discipline in sustainability. The importance of risk management is magnified exponentially in change delivery initiatives.
The classic Machiavelli quote from The Prince sets the stage:
“…it ought to be remembered that there is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things, because the innovator has for enemies all those who have done well under the old conditions, and lukewarm defenders in those who may do well under the new” (Machiavelli, Kindle Locations 477-479, 2015).
In short… a lot of risk. From an organizational perspective, sustainable change delivery offers the following, with sustainable risk management as an essential and integrated component:
Exhibit 1: Sustainable Risk Management (Copyright Peter Milsom 2015)
Sustainable Risk Management Overview
Numerous resources on risk management already exist, so this section provides only a high-level overview. The definitions below represent the traditional Western viewpoint on the foundational concepts of risk management:
“Risk
A risk is an uncertain event or set of events that, should they occur, will have an effect on the achievement of objectives. A risk is measured by the combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives.”
Threat
“A threat is used to describe an uncertain event that could have a negative impact on objectives” (OGC, p. 77, 2009).
“Because it has been raining heavily (risk cause), there is a threat that the river flowing through the farmer’s field might overflow (risk event), which would severely damage the farmer’s crop (risk effect)” (OGC, p. 82, 2009).
Opportunity
“An opportunity is used to describe an uncertain event that could have a favourable impact on objectives” (OGC, p. 77, 2009).
“Because the weather has been particularly mild this winter (risk cause), there is an opportunity that fewer people will be hospitalized with influenza (risk event), which will mean that there will be less disruption to planned routine operations (risk effect)” (OGC, p. 82, 2009).
There are different perspectives on whether risks should include opportunities. This is discussed in a related post entitled “Current Challenges with Risk Management”.
A few more foundational risk management concepts are outlined below in exhibit 2 to provide context:
Exhibit 2: Risk cause, event and effect from Managing Successful Projects with PRINCE2 2009 Edition, Figure 8.4 (OGC PRINCE2, p. 82, 2009)
“Risk cause
It should describe the source of the risk, i.e. the event or situation that gives rise to the risk. These are often referred to as risk drivers. They are not risks in themselves, but the potential trigger points for risk. These may be either internal or external to the project
Risk event
This should describe the area of uncertainty in terms of the threat or the opportunity
Risk effect
This should describe the impact(s) that the risk would have on the project objectives should the risk materialize” (OGC, p. 81, 2009).
Exhibit 3 provides a table that outlines some scenarios and descriptions to help understand what a risk event actually is and how to describe risks.
“In stating risks, care should be taken to avoid stating impacts which may arise as being the risks themselves, and to avoid stating risks which do not impact on objectives; equally care should be taken to avoid defining risks with statements which are simply the converse of the objectives. A statement of a risk should encompass the cause of the impact, and the impact to the objective (cause and consequence) which might arise” (UK HM Treasury, p. 14, 2004).
Exhibit 3: Understanding and Defining Risks (UK HM Treasury, p. 14, 2004).
Exhibit 4 provides a helpful model for understanding the types of risks based on probability, outcome and context.
Exhibit 4: Event categories (Reuvid, p. Kindle Location 470, 2014)
There are a variety of risk management methods and processes. Exhibit 5 is a reasonable representation:
The following list describes the steps in the risk management process:
“Identified
This includes risks being considered that could affect the achievement of the project’s objectives, and then described to ensure that there is a common understanding of these risks
Assessed
This includes ensuring that each risk can be ranked in terms of estimated likelihood, impact and immediacy, and understanding the overall level of risk associated with the project” (OGC, Kindle Locations 2570-2571, 2009).
Plan
The goal of a plan is to prepare specific management responses to the threats and opportunities identified, ideally to remove or reduce the threats and to maximize the opportunities. (4.8)
Implement
The goal of implementation is to ensure that the planned risk management actions are implemented and monitored as to their effectiveness, and corrective action is taken where responses do not match expectations.
Another representation is provided below in exhibit 6 for dealing with asset integrity management, which is also a foundational concept for sustainable change delivery.
Exhibit 6: The overall risk management process for asset integrity management (Reuvid, p. 38, 2014)
Given the importance of the ISO 31000 Risk Management standard, exhibit 7 presents its key concepts, including the recommended process:
Exhibit 7: ISO 31000 Principles, Framework and Process (ISO 31000:2018)
There are numerous ways to integrate sustainability into risk management. One straightforward approach is to employ the P5 Standard (outlined below), facilitate a P5 impact analysis concerning the various risks (threats and opportunities), incorporate the high-impact areas into a Sustainability Management Plan (SMP) and use the organizational Sustainability Management System (SMS) to mitigate/enhance the risks.
Exhibit 8: GPM P5 Standard
Conclusion
A foundational understanding of risk management is critical for any project. There are numerous risk management programs to provide guidance, including GPM Global’s sustainable risk management training program. The GPM Global program helps organizations evaluate their risk management systems, mature their risk management understanding and competency, and provide new tools and techniques to incorporate sustainable risk management into their change delivery initiatives.
Peter Milsom is an entrepreneurial advocate for sensible, sustainable change delivery practice. Peter has come to realize that sustainability is the perfect catalyst for Project / Programme / Portfolio / Risk / Value / Business Case and Benefits Management improvement.
As an entrepreneurial methodologist, Peter's unique value proposition is the vast array of tools and techniques that he brings to every engagement, using the most cost-effective and efficient methods based on the situation and tailored to meet your needs. This is based on his unique combination of experience and extensive training / certifications in change delivery, value / risk / benefits management business case, and business architecture.