Strategic Risk: Generally
strategic risk is at the enterprise level and requires a business risk management
enterprise plan. There are many models that can be used. At this level risk management,
planning and analysis should be part of the strategic planning process. An enterprise
risk management plan should be created that addresses strategic planning
elements, cultural risk appetite and attitude, governance, stress testing,
identification, measurement, response and control. These elements should be
brought forward as a standard in the rest of the organization. On a regular
basis the organization should complete an enterprise risk environmental scan to
ensure they keep their business risk artifacts current.
Tactical Risk:
This level of risk is at the project management level. Often it is part of the
project management process for key approved initiatives. Its objective is the
successful completion of the project while addressing risk concerns effectively
and efficiently as possible. Often tactical risk analysis requires that the
organization have a risk management plan that provides the guidelines as to how
risk is to identified, qualified, quantified, responded, controlled and monitored.
Guidelines should be provided by the business enterprise so that project teams
do not create their own risk management standards.
Operational Risk:
The here and now of any organization is the operational level. It is what happening
with the front-line of the business from your customer facing employees, the
manufacturing floor equipment and product assemblers, to the field maintenance people.
Operational risk varies by company and by industry. One thing is for sure, operational
risk needs to be aligned with business guiding principles to ensure people and equipment
is functioning appropriately. For example, safety is a huge issue in a number
of industries. Therefore, risk response mechanisms need to be put into operational
place to minimize risk impact.
Risk management, planning and analysis are a huge discipline
that impacts all levels of the organization. It is not something that is meant
to be done neither in isolation nor with a single group. When you consider risk
management consider all levels of your company.
Maybe by putting together a
solid risk management plan there will be a less of a need to carry a rabbits
foot.
This Weeks Red Question: What is your integrated standardized risk management approach that aligns all levels in your organization?
Check out more about Richard Lannon www.richardlannon.ca
Check out more about Richard Lannon www.richardlannon.ca