Management of risks. Part 1

“All life is risk management, not risk exclusion” Walter Wriston

Each of us regularly faces risks in everyday life and at work. Today we will tell about the general system approach to risks. It is up to you to implement it in a separate project, in your own business or for household solutions, but we hope that this information will be useful to you.

Risk management is not just a theoretical and abstract topic of corporate meetings, not just a conventional abstraction from the world of management. When properly applied, risk management is a decision-making tool. This tool is often and undeservedly neglected, making decisions based on intuition or other factors. Risk assessment often comes down to the fact that “what else is there to discuss, the risks are minimal” or vice versa: good ideas are rejected because of the big risks. But what does this mean in practice? What is the risk to be big or small? What to do with these risks?

The risk management process consists of the following steps:
')

• risk identification;
• risk assessment (this includes both gross and net valuation, which we describe below);
• risk response strategy definition;
• regular change tracking.

Risk identification

“Every noble cause is risky” Michel de Montaigne

The first thing you need to do to manage risk is to determine and what, in fact, risks await you.

Here you can help:

• Analysis of the environment - for a new business it will be an analysis of the market, demand, existing products, competitors. For an internal project, this will be an analysis of the need for this project, the willingness of users to accept the project. For your household decision to take or not to take a mortgage, you should start by understanding how much and what kind of apartment you need, what mortgages are and what banks they offer.
  
  
• Analyzing similar situations - very rarely in this world something happens for the first time. Usually someone has already passed this way to you. Even if it’s about something unique, try splitting your task into subtasks. Perhaps some of the subtasks have already happened. If you are trying to determine the risks of transferring production to China, read the experience (or rather speak) with those who have already done so. Listen carefully to the problems that went wrong. If you are thinking whether to send your child to a private kindergarten or to a local, talk to the parents of those who go and go there and there, what they have encountered. Read the financial statements of companies that produce a product similar to yours.

• Discussions with experts - this follows from the analysis of the environment and the analysis of similar situations. Talk to those who claim to understand the question. Read what they write. Do not take everything on faith, but do not reject everything they say to you. Now it is important for you to collect all possible information. If you are planning to build a warehouse in the Moscow region and local attendants tell you that the place is cursed - put it on the list of risks.
  
  
• The study of legislation is part of which people often forget about and which they then encounter with pain and loss. If you want to release a new clone of a popular game, it’s worth analyzing how similar your clone is to the original. If you want to expand the market for the delivery of your online stores - specify the export / import regulations of those countries from where and where you want to deliver. If you decide to glaze your balcony - find out if your house is not an architectural monument. Moreover, it is worth considering - the legislation has an unpleasant habit of changing. Your favorite shipping or payment methods may suddenly be banned or subject to new regulations or requirements. For competent risk management, you need not only to understand where the legislation is now, but also where it is moving: check the draft laws on the websites of the ministries and read the discussions in specialized forums.
  
  
• Brainstorming - together with the authorities, the team, colleagues, wife and even with yourself - get together and distribute a variety of ideas, voice all your fears. No idea is stupid or forbidden at this stage. The landing of aliens in the midst of a conference organized by you, the renunciation of the padishah, who is your regular customer, from the throne, your mother-in-law's allergy to cats — everything that can somehow affect what you do should be included in the list. Think about what is happening right now and what may happen in the future.

Since we started talking about the future, it is important to note the planning horizon. A single recipe does not exist here - it depends on the timing of your project. If you solve the issue with a mortgage, then 25 years is a normal horizon for you. If you release a new kazualka - one year of planning will be quite enough for you. The opening of a new business will be optimal for 5 years, but it depends on what kind of business it is: rocket science and the flower kiosk also differ in horizons. For an average project in a stable business, it’s best to take three years.

Example from the project:

You decide to start producing a Super Device. Here it is worth starting with an analysis of the market, the demand for a Super-Device, a search for analogues, a history of the start of production of any device, an analysis of legislation for the certification of Super class devices, and discussions with industry experts.

Life example:

You decide to move to another city. What awaits you on this journey? It makes sense: learn the history of others who have moved. And do not neglect the stories that are outwardly different from yours — for example, those who moved to another country or another area — you can learn from them that you would have missed in another case.

The result of the risk collection exercise should be a list of risks . It is best to start immediately with risk categorization: financial, reputational, strategic, legislative, managerial, environmental, etc. There are a huge number of categories of boxes, according to which you can decompose your risks, but we dare to express the following thought here - almost everything is measured in money. Yes, and a strategically important new region of big business and the reputational risk of a well-known blogger and the environmental risk of a new component in bleach - all this ultimately translates into money. So any risks, if we discard the romance of categorization - financial risks. But categorization can help you identify new risks. You can forget about the legislative risks of your production if you do not include this category in the analysis first. Therefore, it is important to look at the categories, but you should not focus on them.

So, here is a list of your risks. Perhaps at this point (especially if you just finished brainstorming, where you were bombarded with new ideas of risk) you will be overwhelmed by despair: what did I subscribe to?

DON'T PANIC

Because then there will be an important stage of risk assessment, which will put everything in its place.

Risk assessment

“Life is full of risk. Do not be afraid of this "Lindy Lohan

Risk assessment consists of two steps:

• initial risk assessment (gross assessment)
• final risk assessment (net assessment)

Why do we need to evaluate the same risks twice? In short: not to overestimate.

The initial risk assessment consists of two parts: the calculation of the impact and the assessment of probability. Impact calculation is a complicated thing, there are quite a few mathematical approaches and models on which we will not dwell now - this is a topic for a separate article, or even a series of articles, or even a book. The simplest methods are either expert or historical assessments of the consequences of the occurrence of an event. For example: the customer does not accept the object built by us and we will have to finish building it. According to the Chief Architect, we need two hundred man-hours for the price of one hundred money per hour and one hundred bags of materials for the price of two hundred money. This is an example of peer review. An example of a historical assessment: in our previous warehouse one of the buildings burned down and we lost three times for three hundred thousand money. Statistics, analysis of warranty cases and previous projects - one of the most important sources of information about what can happen and how much it will cost.

Returning to the previous thought that all risks are financial: that is why you can express them all in money. The environmental penalty for river pollution will be so much. Changes in export legislation will cause an increase in duties on so much. Leaving the main expert in the project will lead to a delay in the delivery of the product (can be expressed in money), the search for a new expert (also money), and the training of existing employees (and this is also money).

Evaluation of the consequences, whatever they are - almost always money when it comes to business.
And here it is very important not to be frightened again, but calmly express all the risks at the maximum of the money spent and lost. Because then comes the turn of the second step: assessment of probability.

The fall of the meteorite to your factory can be expressed in very significant financial losses, but the probability of this event is vanishingly small, so you can ignore this risk according to the results of the analysis. But besides, what to do with the results of the assessment, we will come. And now it is important to evaluate the probabilities. Here it is important to correctly formulate the question: what is the likelihood that the coming event, the realized risk will lead to the fact that there is so much money, how much did you estimate it, you have to give / spend / lose? Once again: we are not talking about the likelihood that an event will happen. We are talking about the likelihood that its result will be a full financial loss, which you estimated at the stage of calculating the impact.

That is, the fall of a meteorite is a probable event. On the ground they fall daily. But here in order for a meteorite to fall enough for the destruction of your plant and for it to fall exactly on your plant and bring such significant damage - here we are already talking about fairly small quantities.

What is this for? To understand how everything is running. I remind you, we are still talking about the initial risk assessment.

To understand the initial risk assessment, you now need to multiply the impact assessment by the probability estimate.

Risk Assessment = Impact Assessment * Probability Assessment

Example: the risk of a gearbox failure in the car you plan to buy = repair cost * probability of breakdown
This is how much this risk costs you at this stage.

The total initial cost of all risks is the evaluation of your project / business / idea before you do something with them. This is a gross assessment.

Here again, it is important not to start panicking. Haircut has just begun! (with)

We will discuss how to stop worrying about these risks and begin to manage them, in the next section.

“People are inclined to blame fate for their disasters, gods and everything, but not themselves” Plato