Making Risk and Reward Decisions
Every decision, personal and corporate, is a decision of risk and reward.
The concept of risk and reward is timeless. From the scripture that says, “What does it profit a man to gain the whole world but lose his soul?”, to the gospel of Warren Buffett, “Risk comes from not knowing what you are doing. Never invest in a business you cannot understand.” Then and now the benefits of managing risk are numerous and the downside is zero. The process of evaluating and mitigating the risks we face and the risks we take can be complicated, but it doesn’t need to be when we manage risk using a structured method.
Management of the risks we face is typically the day-to-day responsibility of anyone in an organization concerned with events that are uncertain and would involve a loss to the corporate objectives should they occur; executives commonly perform this task. Management of the risks we take is considered throughout an organization, by anyone who makes decisions, both large and small. Most choices involve some risk that should be considered when deciding between alternatives in the pursuit of achieving your objectives. Unfortunately, we often overlook the deliberate step of assessing risk when making decisions.
Kinds of Risk – Sources of Risk:
First, we need to understand the categories of risk; broadly there are seven kinds and sources of risk:
- Strategic – Industry Dynamics
- Compliance – Government Regulations
- Financial – Company Practices
- Operational – Internal Processes
- Reputational – Established Goodwill
- Other Risks – Multiple (i.e., natural disasters, and political or economic instability)
- Residual – Unmitigated
A Four-Step Process:
Then use the four-step process to approach and address each risk:
- Identify – Describe events that could negatively impact the objective.
- Assess – Prioritize the events based on likelihood and severity using a ration scale, and determining acceptable levels of risk.
- Control – Implement cause and corrective actions and gap analysis, mitigating risk to an acceptable level.
- Monitor – Regularly measure mitigation effectiveness.
Integration Risk Management to Strategic Planning:
The next step is to integrate risk management into your strategic planning process where the risks you take and the risks you face are viewed in light of the mission, strategy, objectives, and resulting initiatives. It is impossible to separate risk management from strategic planning as risk must inform the strategic plan.
Doing it Right:
The lack of communication regarding risk between the levels and functions in the organization, bottom-up and top-down up-stream and down-stream, is a significant issue for most organizations, and even for those with risk management programs in place. There must be a common risk language and a multi-directional conduit of information flow that allows decisions at all levels to align decisions to the strategic plan and its related risk tolerance. Communication must be safe for all – no shooting the messenger! Also, there is no such thing as over-communication regarding corporate objectives and risk tolerance; even if their heads are nodding up and down that does not mean they understand nor does it mean all are aligned. I have often wondered if these success-critical messages should be set to music so everyone can sing along.
The use of intuition for risk identification and measurement without hard operational data and proportionality is a trap. Mitigations need to have a business case based on scientifically-valid data that will provide the maximum risk reduction within a budget. Also, you must be able to consider other constraints, such as dependencies, time, and political considerations. By scientifically valid, we mean that measurements of likelihood and severity must possess proportionality. Most risk assessments multiply ordinal measures of likelihood and severity; ordinal measures can be worse than having no risk measures at all and yield incorrect results.
The processes of making risk-related decisions are as varied as the number of people in an organization. A standard decision-making process, in concert with organizational alignment, will assist in creating the common language fundamental to success. We use the decision process popularized by Chip Heath in his book, “Decisive.” Although the decision process contained in Heath’s book includes additional considerations and steps, Heath says, “To make better choices, we must avoid the most common decision-making biases. Being aware of these biases isn’t sufficient to avoid them, but a process can help. The WRAP process can help us make better, bolder decisions.”
- Widen your options
- Reality-test your assumptions
- Attain distance before deciding
- Prepare to be wrong
The use of an outside facilitator, who can assist you and your team in the Risk Management and Strategic Planning processes, is hugely beneficial. This resource will keep you on track, challenge the prevailing mentality, and incorporate proportionality measures. They will point out and assist in sidestepping pitfalls to an optimal result.
Summary:
There are pitfalls to avoid, and the biggest one of all is thinking that you have no more to learn about risk management, decision making, and strategic planning, or that you have it covered – this is the most significant risk of all!
We recommend the following:
- Open a safe conduit with a common language between organizational levels and disciplines. Over-communicate the corporate objects and the risks you are unwilling to tolerate!
- Use a tool-set that gives scientific validity to your intuition, operational data, and constraints.
- Implement a structured decision-making process throughout the organization.
- Engage an outside facilitator to guide you and your team through the process.
