To reach assurance you must know your business. You and your boss must know what’s acceptable. It helps if you can talk with the boss. ‘What’s acceptable’ includes behaviours, numbers, delivery, real-world outcomes, and outcome likelihoods. It’s the real-world outcome likelihoods that matter.

What to read first: Risk in work unit business planning: What is it?

Everyone Version 3.0 Beta

This guide assumes that you are already an expert in your own business. It’s a ‘how-to’ guide that doesn’t guide you on ‘how-to’ run your business. It only guides you on how to organise the risk element that was always in the business, and always will be.

Business planning also relied on your expertise. Your expertise includes knowing the situations that you must prevent, and knowing the events that would interfere with your normally successful activities.

The how-to steps in this guide do not give you the expertise. Not many ‘steps’ could do that. This is not a guide to the risks in your business or in your work unit. The steps discover what you know already, and from those discoveries build a picture of confidence and doubt. That picture is one you can share.

The guide further assumes that you and your boss know what is important to your customers, bosses, and other stakeholders. If you find yourself unsure, the risk management steps will prompt you to ask the question.

It helps if you can talk with the boss.

Behind all that is an assumption that you can have constructive conversations with the boss about such topics. In more brutal organisations, bosses can regard a discussion of uncertain outcomes, or of uncertain objectives, as an admission of weakness. Language such as ‘failure is not an option’ or ‘your job is to deliver’ might be clues.

If you find yourself in a place like that, this how-to guide can also help you, and you may need it even more. You might want to understand ‘risk’ a little differently. In that situation, the outcomes that matter are the outcomes that will come back to affect you, not the organisation. Those outcomes will overlap with what the organisation wants. The degrees of success and failure on each objective will reflect what happens to you, not by what happens to the organisation. Rather than discussing expectations constructively with the boss, you will probe the boss, when you can, to get clues about what might follow for you as a result of varying unit outcomes. The personal consequences of output and performance numbers might be clear already, but you also need to understand whatever else might be important to your own future.

‘What’s acceptable’ includes behaviours, numbers, delivery, real-world outcomes, and outcome likelihoods. It’s the real-world outcome likelihoods that matter.

Your organisation probably talks about all sorts of things as either mandatory or unacceptable. Categories of ‘thing’ that might be mandatory or unacceptable include:

  • Behaviours, specifically behaviours expressing values, or individual behaviours required to comply with laws and policies.
  • Values for financial or other metrics, typically expressed as numbers. Financial metrics might include sales targets, profit margins, or key ratios. Non-financial metrics might include defect or complaint numbers.
  • Delivery on specified commitments or targets.
  • Outcomes, staying within an approved budget, or avoiding human injury.

It is often reasonable to use words like ‘unacceptable’ for exceptions in these categories. The problem arises when something ‘unacceptable’ arises unintentionally from decisions and behaviour that the organisation actually supports. An obvious example is a company vehicle crash that results in an injury, but was not the result of negligence by a company driver. Is that unacceptable? The answer is neither yes nor no.

For risk management, you need to understand ‘acceptability’ in a different way. An ‘acceptable risk’ is based on outcomes. It is not the outcomes themselves that are acceptable. It is their likelihood.

  • Positive outcomes have a minimum likelihood.
  • Negative outcomes have a maximum likelihood.

For risk, what is ‘acceptable’ and ‘unacceptable’ is the likelihood of an outcome.

To the extent that risk management addresses behaviours or metrics, they are first understood as outcomes. Accepting a risk of bad behaviour is not a response to bad behaviour that is detected.

Drill-down articles

Different kinds of tolerance and acceptability

Acceptable risk is fundamentally different from an unacceptable behaviour. ‘Zero tolerance’ isn’t about risk at all. Acceptable risk is different from an unacceptable number, and from an unacceptable outcome. An acceptable risk is an acceptable likelihood for an outcome.

Everyone Version 3.0 Beta

If you have already been told how to do ‘risk management’, with templates

The how-to steps in this guide will differ from guidelines you have been given within your organisation.

Everyone Version 3.0 Beta

Parent articles

Risk in work unit business planning: What is it?

In business planning, ‘risk’ is just the possibility that your unit’s outcomes for the year will be different from those you promise.

Everyone Version 3.0 Beta

Main article on Risk in work unit business planning

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments are moderated from a sea of spam, so may not be published immediately. Email contact may get a quicker response.