A Structured Approach To Operational Risk Management
The last decade has seen an explosion in technologies with tremendous potential impact on a business. From internet-connected devices to the algorithms that can make sense of the mountains of data those devices produce, there’s never been a more exciting, compelling and confusing time to invest in innovation.
When deciding how to prioritize projects, especially with so many wonderful options available, it’s important to use a framework that helps you make apples-to-apples comparisons. This framework should provide an objective means of evaluating relative priorities (especially when people try to push pet projects they’re more attached to emotionally than rationally) and communicate organizational goals clearly and effectively.
If you’re in a high-reliability industry with a heavy process-oriented focus, one of the most useful frameworks you can use has to do with operational risk. You know you’re a good candidate for this when the answer to “What’s the worst that can happen when something goes wrong?” is one of the following:
- Somebody gets hurt or worse.
- I don’t create the thing that brings me revenue.
- I’m fined or lose my license to operate.
- Social media could ruin my reputation.
By using operational risk as your starting point, you not only minimize the chance of a company-ending event occurring, but you also get the side benefits of increased efficiency (the less Rube Goldberg-ed your processes, the smaller the chance of something unforeseen happening), lower costs and better sleep.
There are tons of ways that organizations can identify and manage operational risk, but one that makes a lot of innate sense (at least to me) is informed by the basic idea of continuous improvement and a closed-loop system philosophy, manifested in two equally important components:
- Risk management: Tools or processes to identify, prioritize and manage risk mitigation strategies.
- Risk avoidance: Tools or processes to execute those strategies.