| Risk is real for any company or organization. Don't kid | | | | selected categories. Create as many category names |
| yourself. Things happen when you least expect them | | | | as you need. |
| to happen. Are YOU ready for the unimaginable, the | | | | 4. Rank each risk according to severity or significance. |
| unexpected, the unwanted? As an executive, have | | | | Choose headings such as "most severe", "moderately |
| you put your head in the sand around risk? Do you | | | | severe", "of minimal concern". You don't have to use |
| pretend that all is well, and nothing will change? If so, | | | | these same words for your headings, but be sure |
| it's time to face reality: data gets lost, buildings burn, | | | | that your phrases adequately differentiate between |
| people resign. When any of these occur, your | | | | the degrees of seriousness. Perhaps you would like |
| organization is at risk for malfunction, inefficiency, | | | | to color code each risk according to its significance |
| chronic struggle, revenue loss, and even total failure. | | | | heading: red for "most severe"; black for "moderately |
| Is this the path you want to go down? | | | | severe", and green for "of minimal concern". Set it up |
| Beginning now, you can initiate the process of | | | | the way it best works for you and your organization. |
| developing your organization's risk management plan. | | | | 5. Develop strategies for reducing or eliminating each |
| Take charge. Form a committee representing Board | | | | risk. |
| members and staff, and ask them to partner with | | | | Begin with the risks under your "most severe" |
| you to create this critical document. Make sure | | | | heading. It's critical that you don't delay in thinking |
| everyone understands the importance of the work, | | | | through possible solutions for those major issues. |
| and explain to them how they can benefit from | | | | Ideally, determine multiple strategies for each risk. Be |
| contributing to the finished product. Risk | | | | sure to consider who within the organization is going |
| managements plans are not optional; they are | | | | to be responsible for implementing the various |
| essential for every company, large or small. There | | | | strategies, and the resources needed to implement |
| are no valid exceptions. | | | | them. Omitting this information from the plan only |
| Implement the following seven steps, and give | | | | causes big problems later. |
| yourself and others a huge slice of peace of mind: | | | | 6. Write your plan. |
| 1. Define what risk looks like for your organization. | | | | Using all of the above input, shape a readable |
| What constitutes risk in your shop? Threats to | | | | document. Practicality is paramount here. The plan is |
| normal operations? Threats or compromises to | | | | worthless if nobody can follow it, interpret it, or |
| people's safety? Loss of physical and electronic | | | | actually rely on it as a guide during crisis. After it is |
| property? Loss of revenue? Decreased public | | | | compiled, seek feedback from the committee as well |
| community support? Unethical behaviors? Create a | | | | as other employees and Board members. Incorporate |
| comprehensive definition of risk that means | | | | changes where indicated. Check for evidence of |
| something to YOU and YOUR organization. | | | | common sense throughout the document. Hold |
| 2. Identify specific risks. | | | | yourself accountable to a high standard around |
| Ask the committee to brainstorm as many different | | | | common sense. A pie-in-the-sky risk management |
| risks as they can possibly imagine. Record them on a | | | | plan doesn't serve anyone. |
| white board or flip chart. Examples of various risks | | | | 7. Test some of those strategies in your plan for |
| include: firing of the chief executive, dwindling interest | | | | viability. |
| in one of your major products, departmental silos, | | | | Do they work? Can they work? Why or why not? |
| Board infighting, inability to fundraise, economic | | | | Where are the pitfalls? What steps are missing? |
| downturn, layoffs, building fire, computer crashes, | | | | Would you benefit from having certain outside |
| philosophical differences between key employees, | | | | experts review your strategies? If so, which types |
| extended leaves for managers, interruption in | | | | of experts? |
| receiving necessary supplies. All of these are potential | | | | Revisions to the plan may occur annually, as |
| risks, and there are many others. Continue | | | | situations arise and your organization lives one or two |
| brainstorming until the group believes they have | | | | of the strategies firsthand. Hindsight is often wiser. |
| come up with an exhaustive list. | | | | Don't be afraid to toss some plan content when you |
| 3. Categorize each risk. | | | | know for a fact that this is what you must do. |
| Determine category names for the identified risks. | | | | Remember: the plan needs to be current. On a day |
| Examples may be: Chief Executive, Board of | | | | you least expect it, someone has to grab that |
| Directors, Physical Property, Technology, Data, | | | | document, refer to a particular section in it, and act |
| Employees, Products or Services, Customers/Clients, | | | | upon it--fast. |
| Stakeholders,. Place each risk under one of the | | | | |