‘A risk’ is one pathway by which something unpredictable could cause an unplanned outcome on an objective.
There’s nothing very new about that idea of ‘a risk’, but it differs from casual usage. In casual usage, something called ‘a risk’ could be one end of the causal pathway, or the other, but not the full pathway.
The common casual usage for ‘a risk’ is the threat of an unpredictable disruptive event, leaving the effect on outcomes unstated:
There is a risk of executive misappropriation fraud.
Another less common casual use of ‘a risk’ is the possibility of an intended outcome not being achieved, leaving the causes unstated.
There is a risk of a profit shortfall against forecast.
This example assumes that meeting the profit forecast is an objective.
The careful usage of ‘a risk’ in this guide refers to the full pathway from the reason for uncertainty, through event(s) or invalid assumptions, to a difference in the outcome.
Executive fraud is (by nature) kept hidden, so at any given time we have no certainty about whether any such frauds are in progress. Executive misappropriation fraud on a big enough scale could lead to a profit shortfall against forecast.
The proper description of a risk includes the full pathway, from the reason for uncertainty to the year-end outcome. ‘The risk’ has not been identified until that description is complete.
‘A risk’ must recognise and identify:
- A particular class of event that may or may not occur, or a particular assumption that may or may not be valid.
- Why it is uncertain, but possible, that the event will happen or an assumption will be invalid. The reasons for uncertainty must be clear.
- The way in which the event or invalid assumption may produce a difference in outcomes. The outcome effect will be changed by the way you respond to the event, or to your discovery of an invalid assumption. Many other factors will influence the final outcome effect. Few events or mistaken assumptions have definite, predictable effects on outcomes.
The difference in the outcome must be important within your objectives. You developed a range of outcome pictures for each objective.
Within business planning, ‘a risk’ must include a reference to one of the (unplanned) outcomes for one of the unit objectives.
The ‘risk’ includes either an event or a mistaken assumption. These two possibilities reflect the inclusive term ‘uncertainty’ in the ISO definition of risk.
This definition of ‘a risk’ allows for unexpectedly beneficial possibilities. It links each risk to an unplanned outcome. The unplanned outcome is not necessarily a bad outcome. The unplanned outcome could be better than the planned or expected outcome on the same objective.
The risks in business planning are complete pathways. Each one ends at an unplanned outcome for the year. You will have a picture of that unplanned outcome in your collection.
‘The risk’ is the complete chain from causes to outcome.
In business planning, the consequence of ‘a risk’ is a planning period outcome, and not just a short-term impact. A short-term impact might be dramatic, but does not necessarily lead to a better or worse outcome for the year. If the scenario consequence does not last that long, you don’t have a risk to achieving the business plan.
Your first and hardest attention should be given to the pathway from the event or mistaken assumption to the year-end outcome. The reasons for uncertainty, and the causes for the event, are less important. You focus on them when you have a good reason.
You register the identified risks.
A risk register is a formal collection of fully described risks, designed in a way that prevents any of the risks from being overlooked or forgotten. Usually the register records attributes for each risk, along with the risk description.
|Everyone||Version 3.0 Beta|
Main article on Risk in work unit business planning