Risks, an Intro

Risks in general

What is risk?

Risk is the effect of uncertainty on objectives with the potential for either a negative outcome or a positive outcome or opportunity. Every risk has its own characteristics that require particular management or analysis.

Risks are often divided into four categories:

● compliance (or mandatory) risks;
● hazard (or pure) risks;
● control (or uncertainty) risks;
● opportunity (or speculative) risks.

Risk management

There is a range of reasons why organizations undertake risk management activities. In the book “Fundamentals of Risk Management” (Hopkin), these reasons are summarized as mandatory, assurance, decision-making and effective and efficient core processes (Madez).

Risks classification or taxonomy

A great risks classification allows to visualize risk in a very effective and efficient manner and provides an holistic as well as a granular view of risks. Her is an overview of how we view and classify risks. You may form your own classification in a way that will best fit your organization”s needs and culture.

The MACRO risks

Macro risks are larger systemic risks involving trends that affect entire societies and industries. One good way to scan macro risks is to utilize the PESTLE analysis that stands for (P) Political, (E) Economic, (S) Social, (T) Technology, (L) Legal, (E) Environmental or Ecology + one more (E) for Ethical SO we have PEESTLE or PESTELE in its augmented way.

The MICRO risks

Micro risks are the risks that may affect a region, an industry or an organization when compared to a larger scale. it is useful to use a hierarchy of micro or organizational risks.

Existential and relevance risks

These are the risks that affects the very existence and relevance of an organization. A pandemic is one such case of existential risk. The failure to adapt to new market shifting trends can greatly affect the relevance and ultimately the existence of an organization. Research In Motion and its failure to adapt the Blackberry is a great example.

Other classifications

Strategic, Financial and Operation

This is a very popular classification. 52risks.com has done a very competent job at forming a template for such a classification.

Strategic, Financial and Operation, Information, Legal, Reputation, Governance and Disruption

This is an augmented version of the previous. We can see that a risk classification can be deep and wide.

Benefits of classification or taxonomy

As we mentioned, a great risks classification allows to visualize risk in a very holistic, granular, effective and efficient manner. It provides a more intimate and integrated view of the organization and how each of its parts (or silos) are subject to common and different risks.

When an organization creates its own classification, it must do it in a way that will best fit your organization”s needs and culture and in doing so it will allow it to adopt a common risk management language which empowers communication between divisions and departments.

A good risk taxonnomy will have positive impacts on:

• Business processes
• Financial management
• Governance
• Information management and technology
• Knowledge management
• Organizational transformation
• Legal, compliance, privacy policy, policy development, information stewardship
• Program design, project management 
• People and resource management, values, ethics, stakeholders and partnership management
• Etc.

Getting started

If your organization does not have a risk management program, starting off with a generic classification is probably the easiest way to get started, The generic classification can then be augmented as the scanning and study of your organization’s macro and micro risks, threaths and opportunity are revealed or evolve. You can find good resources and checklists on the internet.

To your success !