This article assumes you have read What is risk management? (Everyone). That article covered the key points as concisely as possible. This one isn’t an ‘executive summary’, but further advice specifically for people who make real-world decisions (as distinct from specialist advisers).
Your roles as an ‘Executive’
The ‘Executive’ stream in this site is for people who actually make decisions and thereby manage risk.
I don’t limit ‘Executive’ readers to the senior management levels. Decisions are also made at middle management and team leader levels, and all levels manage risk.
I have two broad categories of decision maker in mind, regardless of management level. The obvious category is populated by managers with direct day to day executive control of activity and resources. To take an analogy with the arms of government, these people are in the Executive arm.The other category is for those not in direct control, but representing stakeholder interests and exercising critical influence through that role. For example, the senior user, financial, or marketing representatives for an ICT project are stakeholders in risk as managed by those making the day to day decisions. In the government analogy, these people are in the Legislature. As with the Legislative arm of government, the total legislature has a lot of power, though individual members may have little.
The interests of the direct decision makers (Executive) and influential stakeholders (Legislature) tend to overlap at higher levels of executive management.
Regardless of which category you are in, or your management level, you are already managing risk. You may not be doing it well, but you are definitely doing it – already. Risk management is not something new to add to your workload. Management is taking actions to achieve an outcome, and risk management is simply recognising uncertainty of outcomes.
If you have a new thing called ‘risk management’ pushed at you and it walks and talks like a waste of time (or worse), you may well be right. Even when the effort is worthy, defined risk management processes may well produce decisions and assurance that could be made more directly and reliably using other human faculties. Common sense and relevant experience are often good alternatives. Your first priority is getting the right things done for your organisation.
On the other hand, your current management of risk may not be sufficient. If you are unable to demonstrate a clear awareness of all the risks, and responsible action on them, you may be letting down your organisation and exposing yourself to career damage.
You may also want to think about whether you are comfortable with everyone you manage either ignoring the uncertainty of success, or making their own risk-based decisions without ever explaining them to you. Your superiors may feel about you the same way you feel about your people, only with more eyes peering over their own shoulders.
For those reasons, you must ensure that risks are managed so as to meet your actual responsibilities and concerns. If that isn’t happening, something needs to change.
Future articles will suggest specific ways make risk management work for you. There is no one best way. There are plenty of other sources, and I’ll refer you to the good ones that I know about.
For now, here are some test questions that you can use to distinguish the useful from the annoying.
Test questions for direct managers
As a manager, you are managing risk on behalf of stakeholders.
‘Managing risk’ making decisions about what happens, with more or less awareness of the implications for risk.
These questions aren’t actually as helpful as they seem:
Test questions for stakeholder representatives
As a stakeholder, you are relying on the decision makers to look out for your interests.
You are the one directly exposed to risks in the activity. You don’t have direct executive control over the activity but you can query or object to what the decision makers are doing. You may even be in a position to kill the activity if you’re not happy.
Main article on What is risk management? (Everyone)
Recommended next articles:
|Some other main topics||
Discrete risk management processes within an enterprise
‘Enterprise Risk Management’ and risk management (coming soon)
All pages on What is Risk Management?