Four Strategies to Respond to Risks
As I have written about in earlier posts, risks are a part of life. Especially in business, where companies must take calculated risks in order to realize returns on their investment.
The question is not whether your business will face risks – risks will be inevitable. The real question is: when faced with a risk, what is the best risk response strategy?
Generally speaking, the actions that can be taken to respond to risk fall into one of four broad categories: avoidance, transfer, mitigation, and acceptance (1).
1. Avoidance: Risk avoidance is the simplest response strategy – basically this involves just not going forward with the activity that posed the risk in the first place. A risk avoidance strategy for sky diving would be not sky diving. For a business looking at a risky merger, not going forward with the merger would be the avoidance strategy. Note however that in the course of avoiding certain risks, other risks might pop up.
2. Transfer: Risk transfer strategies seek to pass the risk off to a third party. The classic example of risk transfer is insurance, wherein an individual or company pays a premium to the insurance company in exchange for the insurance company bearing the risk. Other risk transfer strategies exist in the form of various financial instruments and contractual arrangements. However in general, risk transfer involves a tradeoff between paying a certain premium vs bearing an uncertain loss should the risk be realized (e.g., a flood, fire, etc.).
3. Mitigation: Risk mitigation involves trying to reduce an existing risk. Risks can be reduced by trying to lower the likelihood that an adverse event will happen, or lowering the impact should the event occur, or both. This necessarily involves first assessing the risk so there is a baseline to compare the mitigated risk to. The level of risk that remains after mitigation is called the residual risk. On a construction site, there might be a risk that workers will be injured on the job. Risk mitigation strategies might include providing safety training (which might reduce the likelihood of an accident) and personal protective equipment (which might reduce the impact if an accident does happen). The residual risk is the risk that remains after the training and personal protective equipment, which is hopefully much lower than it would be otherwise.
4. Acceptance: It might not always be cost-effective to avoid, transfer, or mitigate all risks, so at some point a certain level of risk must be accepted. What level of risk is deemed acceptable is a judgement call by management. However there are still some ways that management can ward off the negative effects of accepted risks. For instance, planning a buffer into to a project’s schedule and/or budget can be a way to deal with accepted risks. Other strategies like contingency plans can also be used.
As can be seen from these four strategies, they all involve different trade-offs. Is it better to avoid a risk altogether but miss out on the potential opportunity? Or should we spend money for certain to insure against a risk that may or may not happen? Do the costs of the mitigations reduce the risks sufficiently to be justified?
These are the sorts of questions management needs to consider when thinking about risk management. Three guiding questions have been proposed to think through risk management problems (2):
-What can be done, and what options are available?
-What are the trade-offs among all relevant costs, benefits, and risks?
-What are the impacts of current decisions on future options?
Responding to risks involves decision making – weighing the pros and cons, costs and benefits and uncertainties.
Collier Research Systems has the expertise and experience in risk and decision making to guide you through the process of managing the risks facing your company. To learn more about how we can help you effectively navigate risk and uncertainty, visit www.collierresearchsystems.com.
(1) Hillson, D. 1999. Developing Effective Risk Responses. Proceedings of the 30th Annual Project Management Institute 1999 Seminars & Symposium, Philadelphia, Pennsylvania, USA.
(2) Haimes, Y.Y. 2012. Systems-Based Guiding Principles for Risk Modeling, Planning, Assessment, Management, and Communication. Risk Analysis 32(9), 1451-1467.