These categories of ‘risk’ can be left out:
In risk management for business planning, you can disregard outcomes that aren’t part of your unit’s mission. You can also disregard potential events that have no bearing on the unit outcomes for the period. That means you can disregard the types of risk listed on this page.
Routine and low-level events from which you can recover.
- By definition, recoverable events generally have little effect on period outcomes. Isolated random product defects, equipment breakdowns, and transaction errors are not risks from a business plan point of view. They are expected.
- Too many such routine events during the period may add up to a real effect on the final outcome, so in business planning you might recognise ‘too many’ as a relevant variety of risk.
Most disruptive events, even those experienced as ‘crises’.
- Disruptions are usually short-term set-backs and distractions with no specific effect on period or long-term outcomes. Some of them lead to long-term benefits. What matters for the period outcomes is the potential for events from which you don’t recover.
- Loss of key people and facilities does threaten long-term outcomes if you don’t have recovery options. You need a business continuity plan as well as a business plan. (This guide does not deal specifically with business continuity risk, for which special approaches are helpful.)
Potential events that are clearly harmful, though to someone else’s outcomes rather than those of your unit.
- For example, if your unit processes payrolls, you may be aware of risks around the size of general pay rises and the potential effect on corporate profitability. At the same time, pay rises higher than expected would have no effect on your unit’s processing of payrolls over the year. They might have a big effect on someone else, like the CFO. Risks like high pay rises may be important, but should be referred to the ‘someone else’. They need not appear in your own unit’s risk management.
Risks subject to separate management.
- Common examples of risk managed separately include health and safety, business continuity, security, and fraud risks. For those risk types, there may be a standing risk management process that has nothing to do with your unit’s business plan.
- If your unit is the manager of (say) corporate security, it will be maintaining a corporate security risk assessment and security management plan already. There is no need to integrate the risk part of the security unit business planning with the corporate security risk assessment. Keeping them separate is much easier.
- A different kind of separation helps when you have separate risk management processes for each project, procurement, client, ‘case’, and so on. Keeping those separate means that you can leave those project- or case-specific risks out of business planning risk. Cumulative patterns may be relevant to business planning risk, as with other routine and low-level events (see Routine and low-level events from which you can recover above).
Existential risk – the possibility of being abolished.
- It is commonly assumed that the end of the organisation is a very bad outcome. Sometimes it is assumed to be the worst possible outcome.
- These assumptions are very often wrong. They are not useful for work unit business planning. Work units can be abolished for any number of reasons, usually for the benefit of the organisation. The benefit comes from doing things a better way, as in a good restructuring or outsourcing decision. As unit manager, it may be your specific challenge to make the unit unnecessary. That could represent success.
- For work unit business planning, you can regard abolition as an indicator of failing to achieve the objectives – if that is the reason for abolition. Being abolished for other reasons is neither good nor bad in itself, and has little to offer in the risk part of business planning.
But first be sure of the objectives for the unit.
Before you disregard large categories of risk, it is essential to be sure that the unit objectives are really understood. Only with that confidence will you have the calmness you will need when you look the boss in the eye over your business plan. You identify risks after reviewing the objectives affected by uncertainty.
The good news is that by reviewing the objectives now, you save a lot of time in the risk identification stage. For example, the work on the unit objectives will replace the whole idea of ‘risk categories’. If you don’t fully understand what a ‘risk category’ is, you’re not alone. Nice! Now you don’t need to care.