Risk in work unit business planning: Priorities within risk management

In this article:
Some risk needs immediate attention, not all risk. Prioritising within risk management is a matter of prioritising objectives affected by uncertainty.

Previous article: Risk in work unit business planning: Firming up the objectives


Some risk needs immediate attention, not all risk.

All the steps in the risk management process are essential. You will not be entitled to feel calm assurance until you have chosen and truly committed to all the actions needed to keep risk at the right level. Getting to that stage means you must complete all the steps.

However, there is some relief. If you’re on a tight timeline, you can now stop to think about your priorities within risk management. There may be a way of covering the important areas of risk straight away, before the conversation with the boss, and deferring some of the less urgent work.

Where there is some room to save time is in the scope of risk that needs to have been be assessed before the conversation with the boss over the business plan. The risk process so far has already left out a lot of risk that is worth assessing and managing, such as fraud, health and safety, and security risk. You also managed to fly under ‘strategic’ risk, because this part of risk management is about your own unit, not corporate strategy.

During the previous stage you set out the objectives of the unit, rather comprehensively. There were four guiding questions, leading to four ‘categories of objective’ applicable to business planning. The questions were

  1. Benefits: What does the organisation expect the unit to deliver in exchange for the cost of maintaining it?
  2. Costs: What costs does the organisation incur in maintaining the unit?
  3. Dangers: What unintended consequences could arise from the unit’s activities (and are best avoided)?
  4. Capabilities: At the end of the plan period, which unit capabilities need to be as good or better than they are now?

The resulting list of objectives was probably longer than you expected.

Later in the process, you’ll be looking for the ways each of those objectives might not be met as to the extent you are intending.

Prioritising within risk management is a matter of prioritising objectives affected by uncertainty.

It has been customary for ‘risk management’ to focus almost exclusively on the objectives under the heading of ‘Dangers’, particularly the potential for unusual high-impact events. That’s all very worthwhile when there are real Dangers, although it gives ‘risk management’ the reputation of being negative and nerdy, something for specialists and consultants rather than for real managers.

The boss might have been thinking about how your unit is involved with Dangers when asking about ‘risks’.

But given that it’s the business plan conversation, the boss is probably also concerned with Benefits, Costs, and Capabilities. The boss may even have lost interest in the Dangers, given that they tend to be looked after by specialists.

The Benefits, Costs and Capabilities are the positive success angles on your unit that have probably been the main focus of business planning and the important conversations over the boss’s desk. They will continue to be the main focus of conversation over the planning year.

To select the part of risk management that needs to be done before the conversation with the boss, consider what kinds of risk is actually important to have managed at that moment. The answer will be some subset of the objectives you have listed. That subset will reflect the expectations the boss will have around the question Have you assessed the risks in this business plan? I said ‘will have’ because it’s quite possible that the boss doesn’t actually have those expectations yet, and may not achieve any clarity about them then until some time after verbalising the question. You job is to work out what those expectations will be, at the time you will need to have met them.

A good clue might come from identifying the objectives reflecting the concerns that have warranted the most boss conversation time over the last few months.

If you have decided to focus on some objectives immediately and to defer others, fine, but make sure the record of the deferred objectives is clear and conspicuous, and that there is a time and place when you will actually come back to them.

The remainder of this series is written as though you are covering all the objectives of your unit for the planning year. We now return to setting out degrees of success and failure on each defined objective.

Next article:

Risk in work unit business planning: Degrees of success and failure

Seven levels of outcome The organisation’s perspective on the seven levels

Previous article: Risk in work unit business planning: Firming up the objectives

Index to the series

Leave a Reply

Your email address will not be published. Required fields are marked *