!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> Streamline Training & Documentation: The ABCs of Risk Management

Tuesday, November 25, 2008

The ABCs of Risk Management

For a good overview of how to handle the risk management function, I suggest looking at this post by Nancy Germond, a risk management professional based in Arizona.

Germond outlines a five-phase process (here slightly edited):
  1. Identify assets that may be at risk.

  2. Determine what could go wrong with each asset, and how likely each possible problem is.

  3. Determine how you will treat the risk.

    There are four possibilities:

    • Avoidance — e.g., don't buy property in an area prone to mudslides.

    • Reduction (mitigation) — e.g., install a sprinkler system.

    • Retention — e.g., accept the risk of having to pay the cost of replacing a stolen computer and, possibly, its stored files, rather than buying insurance against computer theft.

    • Transfer (wholly or in part) — buy insurance or otherwise arrange for a third party to absorb all or some of the risk.

  4. Create a plan that makes sense for your organization.

  5. Implement the plan.

  6. Monitor the results. Address new perils, and adjust your treatment of existing risks, as necessary to improve your risk management arrangements.
There is a compact glossary of risk management terms here.