Risk and Uncertainty

The Institute of Risk Management’s “A Risk Management Standard” defines risk as the combination of the probability of an event and its consequences.

A risk is connected to an event, its probability, and its consequences.

An event that has no probability of happening does not pose a risk.  There is no risk that your project team will be kidnapped by aliens tomorrow.

An event that has a 100% chance of happening should not be treated as a risk.  If you do not pay your employees, do not place in your risk register that “my employees might not want to work without pay.”

If the event has no consequences for you, it is not a risk.  The collapse of the Nigerian stock market may affects thousands of people, but of no consequence to you (presuming you have no investments there).

If the event (if it occured) has a positive impact on you, you can take advantage of that by treating it as a risk. 

Risk

Risk cannot be separated from benefits.  It is only because we enjoy benefits that we are concerned with risk. 

We undertake projects in the hope of reaping future benefits from the project. 

In order to understand the risks we face, first we identify the benefits we want to protect.  There are two types of benefits.  First is the future benefit that we hope to acquire (e.g., a job promotion).  The second is the current benefit that we are enjoying (e.g., a healthy life).

Once we’ve identified the benefits, then we can consider the risks we are concerned with.  For example, the risk that we do not get the promotion.  Or, the risk that our health suffers. 

The Risks of Doing Nothing

The risk that companies face often come, not from activities originating from decisions that the company made, but very, very much often, from decisions made by others. 

They are out to get you.  Every one of of your competitors is out to get your customers.  Every single day they are plotting to change the world so it becomes more favourable to them (and less favourable to you, but that is a secondary purpose).

Failing to monitor, perceive, and anticipate the changes exposes your company to risks. Doing nothing against the changes means your risks are increasing.

For a simplistic example, imagine a company that did not adjust its salaries to keep pace with industry salaries. If its competitors pay much better, key people will tend to move to the competitors.  If its competitors pay less, they would be in a better position to offer better value to customers, exposing your company to a loss of customers.