In Part 1, we learned about the fundamentals of risk:
Risk is uncertainty that matters. We are looking for things that might or might not happen. We are not looking for problems, issues, or things we don’t like. We’re not just looking at things right now. We need to look at future events or circumstances that might not happen but if they do they would affect us.
This includes bad and good risks – threats as well as opportunities. Risk should be seen as an enabler – it allows us to focus on what is important and allows us to do our business in a really safe way.
We need to separate risks from the things that cause them and their impact. Defining what the actual risk is ensures that we understand how it could impact us.
Thinking about the right controls is extremely important - for risks that are emerging, those that have crystallised, and those we need to think about moving forward.
The risks that you think are the ones you need to concentrate on are often not the areas of focus, and by properly analysing likelihood and impact, we can determine where efforts need to be.
It’s all about having a structured approach to planning our risk responses and documenting them in the right way.
Risks are uncertainties but not all uncertainties are risks.
Test your understanding
1. Define Risk in Business
A: It is uncertainty that matters
B: It is predictable events that have happened
C: It is just bad things that happen on a regular basis
D: It is anything that can go wrong
2. What are the 3 elements that define a risk?
A: Risk, impact and likelihood
B: Risk, cause and probability
C: Risk, cause and impact
D: Risk, probability and impact
3. How often should you assess your risks?
A: At the start of the project
B: At the end of the project
C: Whenever anything changes
D: All of the above
4. Which of the following statements best describes risk?
A: Uncertainty when looking to the future
B: Clarity in future decisions
C: Uncertainty when looking at the past
D: Certainty of not suffering harm or loss
5. What are the most important stages of the Risk Management Lifecycle?