Priorities within business plan risk management

Some risk needs immediate attention, not all risk. You choose the objectives that need immediate attention.

What to read first: Discovering the objectives

New to this: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first.

Some risk needs immediate attention, not all risk.

All the steps in the risk management process are essential. You will not feel calm assurance until you have chosen and truly committed to all the actions needed to keep risk at the right level. Getting to that stage means you must complete all the steps in the risk work.

However, there is some relief. If you’re on a tight timeline, you can now stop to think about your priorities within risk management. There may be a way of covering the important areas of risk straight away, and deferring some of the less urgent work.

There is some room to save time in the scope of risk that needs to have been assessed before the conversation with the boss over the business plan. The risk process so far has already set aside a lot of ‘risk’ that is worth assessing and managing, such as fraud, health and safety, and security risk. You also flew under ‘strategic’ risk, because you are managing risk for your own work unit, not the risk for corporate strategy.

You have re-generated the objectives of the unit, rather comprehensively. There were four big questions, leading to four ‘categories of objective’ applicable to business planning. The questions were –

  1. Benefits: What does the organisation expect the unit to deliver in exchange for the cost of maintaining it?
  2. Costs: What costs does the organisation incur in maintaining the unit?
  3. Dangers: What unintended consequences could arise from the unit’s activities (and are best avoided)?
  4. Capabilities: At the end of the plan period, which unit capabilities need to be as good or better than they are now?

The resulting list of objectives was probably longer than you expected.

Later in the process, you’ll be looking for the ways each of those objectives might not be met as you are intending.

You choose the objectives that need immediate attention.

It has been customary for ‘risk management’ to focus almost exclusively on the objectives under the heading of ‘Dangers’, particularly the potential for unusual high-impact events. That’s all very worthwhile when there are real Dangers, although it gives ‘risk management’ the reputation of being negative and nerdy, something for specialists and consultants rather than for real managers. Formal standards have not limited risk to ‘Dangers’ since the 1990s.

The boss might have been thinking about how your unit is involved with Dangers when asking about ‘risks’.

But given that it’s the business plan conversation, the boss is probably also concerned with Benefits, Costs, and Capabilities. The boss may even have lost interest in the Dangers (for now), given that Dangers tend to be looked after by specialists, some of them rather boring.

The Benefits, Costs and Capabilities are the positive success angles on your unit. They have probably been the main focus of business planning and the important conversations over the boss’s desk. They will continue to be the main focus of conversation over the planning year.

Consider what kinds of risk will need to have been managed before the conversation with the boss. The answer will be some subset of the objectives you have listed. That subset will reflect the expectations the boss will have around the question Have you assessed the risks in this business plan? I said ‘will have’ because the boss may not have those expectations yet, and may not clearly understand them until a long time after asking the question about risks. You job is to work out what the boss will expect, on the day that it matters.

A good clue might come from identifying the objectives reflecting the concerns that have warranted the most boss conversation time over the last few months.

If you have decided to focus on some objectives immediately and to defer others, fine, but make sure the record of the deferred objectives is clear and conspicuous, and that there is a time and place when you will actually come back to them.

The remainder of the steps in this guide are written as though you are covering all the objectives of your unit for the planning year. Either way, the next step is drawing pictures of success and failure on each defined objective.


Parent articles

Discovering the objectives

Understanding your objectives is the most important part of business planning, and of the risk management process. The objectives are the outcomes that the unit delivers for the organisation. Big questions: You can find the objectives by asking about your unit’s benefits, costs, dangers and capabilities. Precision engineering: Ensure that those objectives are necessary, sufficient, independent – and yours. Choose your priorities within risk management.

New to this: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first.

Index to the topic Risk in work unit business planning

Leave a Reply

Your email address will not be published. Required fields are marked *