Advertisement

http://insurancethoughtleadership.com/wp-content/uploads/2014/04/bg-h1.png

Facebooktwitterredditpinterestlinkedinmail

February 26, 2015

The Flaw in How Risks Are Framed

Summary:

The problem: There is no such thing as a one-cause event. Nor are there one-consequence events. But many organizations act as if there are.

Photo Courtesy of Official U.S. Navy Page

One of the things that I’ve been tossing around is how we frame a risk. Risks are events. But when it comes to putting together risk statements, often organizations will put a cause and a consequence as well as the risk all into one statement.

I’ll give you an example: “Significant delays in retrieving records due to current tools for data storage and retrieval practices may leave the department unable to adequately respond to freedom of information requests.” Now, I’m not even sure what that’s saying, but here’s another one: “A department may not have a business process in place to adequately manage the programs, which may lead to weakened results.”

Now, given what I’ve talked about on other blogs, I wouldn’t even see those as risk statements. However, what we’ve got there is: We’re trying to put a cause and an event and a consequence into one risk statement. The problem is that there is no such thing as a one-cause event, nor is there any such thing as a one-consequence event. If you identify an event, a risk, you will find that there are a range of causes. It’s a system breakdown.

And even if a risk results in injury or death, there are other consequences, such as harm to reputation, perhaps issues with the regulators and maybe legal action taken against us.

So, if we put our statements together such that we put a cause and a consequence in with the risk, we’re limiting our ability to treat that risk properly. We haven’t identified all the causes. We haven’t identified all of the consequences. And it’s only through identifying all the causes that you can truly start to identify whether you have adequate controls already in place or whether you need additional ones.

When you look at your risk statements, identify what the event is, but then go though and list all the causes and all the consequences, plus the controls and their effectiveness. This is when you have a statement able to be managed effectively.

As always, let’s be careful out there.

description_here

About the Author

Rod Farrar is an accomplished risk consultant. His knowledge of the risk management domain was initially informed through his 20 years of service as an army officer in varying project, security and operational roles. Subsequent to that, he has spent eight years as a professional risk manager and trainer.

+ READ MORE about this author ...

Like this Post? Share it!

Add a Comment or Ask a Question

blog comments powered by Disqus
Do NOT follow this link or you will be banned from the site!