The ABCs of Risk ManagementFor a good overview of how to handle the risk management function, I suggest looking at this post by Nancy Germond, a risk management professional based in Arizona.
Germond outlines a five-phase process (here slightly edited):
- Identify assets that may be at risk.
- Determine what could go wrong with each asset, and how likely each possible problem is.
- Determine how you will treat the risk.
There are four possibilities:
- Avoidance e.g., don't buy property in an area prone to mudslides.
- Reduction (mitigation) e.g., install a sprinkler system.
- Retention e.g., accept the risk of having to pay the cost of replacing a stolen computer and, possibly, its stored files, rather than buying insurance against computer theft.
- Transfer (wholly or in part) buy insurance or otherwise arrange for a third party to absorb all or some of the risk.
- Create a plan that makes sense for your organization.
- Implement the plan.
- Monitor the results. Address new perils, and adjust your treatment of existing risks, as necessary to improve your risk management arrangements.
Labels: Risk management