Risk management strategy

From CEOpedia | Management online

Risk management strategy is a way in which the company or project team decides to treat the risks. In some publications the RM strategy is understood as risk management process (e.g. PRINCE2) or even whole risk management system. The main strategies are:

  • Risk avoidance,
  • Risk mitigation (reduction, control),
  • Risk transfer,
  • Loss reduction,
  • Spreading the risk,
  • Redundancy,
  • Risk acceptance.

Selecting appropriate risk management strategy

The organization should create a model for risk related decisions. This model should describe which strategies are recommended in different situations. Example (very simplistic) model can include:

  • High risk: avoidance, transfer, acceptance.
  • Medium risk: avoidance, mitigation, loss reduction, transfer, redundancy, spreading.
  • Low risk: loss reduction, acceptance.

The model can include different types of risks and determine level of consequences and likelihood.

Description of the strategies

Risk avoidance

Avoidance allows to eliminate the risk, however it requires stopping the activity that can cause problems. E.g. to eliminate the risk of buying low quality office equipment we don't buy this equipment at all. This shows the main drawback of this strategy: using it can stop any progress in the company or project.

If we want to continue the project, we have to replace the activity with another one. This will lead to identification of another, maybe even higher risks. Therefore, risk avoidance is limited to only those activities that are not critical or can be replaced. It can be the best strategy if the risks as far beyond control and cannot be managed by the company.

Risk mitigation

As there are two factors which impact the severity of the risk: consequences and likelihood, there are also two strategies of risk mitigation, which can be mixed: Reduction of likelihood is a set of activities that lead to decreasing probability of risk occurrence. E.g. and incentive to supplier can reduce probability of late or low quality supply. It is important to ensure supplier that he will get the incentive only if certain conditions will be met.

Reduction of consequences is related to solutions that enable some redundancy, increase the security, or lead to other actions that will reduce the exposure to risk. E.g. the risk of burn can be reduced by another layer of fire proof material.

Both strategies can be mixed to obtain the best result.

Risk transfer

Some of risks can be transferred to other organizations or persons. There are three main causes of this strategy:

  • Law requirements, e.g. employer's liability, occupier's liability,
  • Written agreement between two or more parties (contractual transfer),
  • Insurance policy.

The insurance increases the real costs, however it can reduce highly uncertain risks. The insurance agreement should be analysed to check whether all possible occurrences of the risk are covered. Reduction of insurer liability in some cases can make the insurance cheaper, but also useless.

Loss reduction

If there is not possible to prevent risk, the plan for risk response should be prepared. The plan should lead to reduction of losses. The most common example is a fire drill, which leads to reduction of fatalities in case of fire.

Spreading the risk

Some try to gather all the risk-related resources and keep them in one place. This can be effective e.g. in case of weapon kept in shelter. However, in case of other resources this strategy can lead to total disaster. Keeping all chemicals in one place can lead to uncontrolled reaction. Combustive materials should be kept away from electrical wires and equipment. The data backups should be kept in other place than original data.

Redundancy

Information systems should have some redundancy and be decentralised to prevent losing data in case of single problem. Duplication can be effective also in case of fire extinguishers. If the safety rules require us to keep only one fire extinguisher what will happen if it will break or the fire will appear too close to it? In hospitals two or more energy sources should be available in case of technical problems.

Risk acceptance

Risk acceptance is equal to full exposure to the risk. Therefore, it should be limited to low importance risks only. There are however highly probable and severe risk factors which are uninsurable. They can be accepted only if the company is willing and able to pay for them.

The accepted risk is called residual risk.

Examples of Risk management strategy

  • Avoidance: The strategy of avoiding risks is to identify and eliminate the potential risks. This can be done by changing the project scope, design or process; or by eliminating the source of the risk altogether.
  • Reduction: Risk reduction is a strategy of minimizing the impact of a risk by reducing the probability of it occurring. This can be done by implementing preventive measures, such as training, or by introducing additional controls, such as checks and balances.
  • Sharing: Risk sharing is a strategy of allocating the risk to a third party. This can be done through insurance, subcontracting, or partnerships.
  • Acceptance: Risk acceptance is a strategy of acknowledging the risk and taking no action to manage it or reduce it. This strategy is used when the cost of managing the risk is greater than the cost of dealing with the consequences of the risk.
  • Mitigation: Risk mitigation is a strategy of implementing measures to reduce the potential impact of a risk, or to reduce the probability of it occurring. This can be done through improved processes, training, or additional controls.

Advantages of Risk management strategy

A risk management strategy is a plan for how to identify, assess, and respond to risks in order to minimize their impact on a company or project. The main advantages of implementing a risk management strategy are:

  • Mitigation of financial losses: A risk management strategy can help a company or project team to identify potential risks and create plans to address them before they become a major financial burden. This can help to reduce the amount of money lost due to unexpected costs or losses.
  • Improved efficiency: With a risk management strategy in place, the company or project team can identify and address potential risks quickly and effectively. This can help to reduce the amount of time and resources needed to address any issues that arise, as well as help to ensure that any resources spent on addressing risks are used efficiently.
  • Enhanced risk awareness: A risk management strategy allows a company or project team to be aware of the risks they face and the potential consequences that could arise from them. This can help to ensure that the team is prepared to respond to any potential risks they may face in the future.
  • Improved decision-making: A risk management strategy can help to ensure that decisions are made with full awareness of the potential risks that may arise. This can help to ensure that decisions are made with the best outcome for the company or project team in mind.

Limitations of Risk management strategy

Risk management strategies have several limitations. These include:

  • Complexity: Risk management strategies are often complex and require a deep understanding of the risks involved. Additionally, they require a significant amount of time and resources to implement.
  • Cost: Risk management strategies can be costly to implement and maintain. Additionally, they may require expensive software or other tools to be effective.
  • Localization: Risk management strategies are often localized and may not be effective in different countries or regions.
  • Compliance: Risk management strategies must comply with applicable laws and regulations, which can be difficult to do.
  • Measurement: It is difficult to measure the effectiveness of risk management strategies because of the complexity of the risks involved.
  • Flexibility: Risk management strategies may not be flexible enough to adapt to changing conditions.
  • Support: Risk management strategies may not be adequately supported by senior management or other stakeholders, which can lead to lack of implementation.

Other approaches related to Risk management strategy

The risk management strategy is an important part of risk management process and system, which includes various approaches for treating and managing risks. These approaches include:

  • Risk Avoidance: This approach involves avoiding risks by not engaging in activities or projects that have too much risk.
  • Risk Reduction: This approach is used to reduce the potential impact of risks. This can be done by taking proactive measures such as investing in insurance, creating redundancies, or implementing safety procedures.
  • Risk Transfer: This strategy involves transferring the risk to a third party, such as an insurance company.
  • Risk Acceptance: This approach involves accepting the risks and focusing on how to respond to and manage them.
  • Risk Retention: This approach involves retaining the risk and taking steps to ensure the risk is managed effectively.

Overall, the risk management strategy helps to identify, assess, and manage risks in an organized and effective manner. It is important to choose the most appropriate strategy for the situation, as this will determine the success of the risk management process.


Risk management strategyrecommended articles
Benefits of risk managementRisk treatment planBusiness risk managementAccident managementRetention of riskRisk management processResidual riskRisk responseLevel of risk

References

Author: Slawomir Wawak