Best practice of the week: 6.6 Risk Management6.6 Risk Management

Studies have found we overestimate our ability to influence events that are heavily determined by chance. This is due to cognitive biases, i.e., sticking to what we know and not making the effort to reveal unknown risks. Risk management is not only a framework for identifying and assessing all significant risks, but is also a process for selecting the most appropriate means to mitigate them.

Definition of risk management: “Assessing the probability and consequences of all the risks the organization faces or of a particular decision.”

Practice Summary


  • Identify
  • Assign probability of occurrence and cost of consequences
  • Rank
  • Determine solution (AS-IS): Accept, Share, Insure, Shed
  • Monitor solution, identify changing as well as further risks


  • Controlled
  • Serious
  • Disruptive
  • Severe
  • Critical

Organizational risk management maturity

  • Vulnerable
  • Reactive
  • Compliant
  • Proactive
  • Optimal

 Key Metrics

  • Likelihood of occurrence
  • Cost
  • Expected value of risk = likelihood * cost

3 Good Questions (discuss in a management meeting)

  1. How have the likelihoods and costs of last year’s risks shifted?
  2. How have our risk preferences changed?
  3. How should we avoid, share, insure or shed our risks?

The pandemic has significantly changed the expected cost of risk in three major areas: customer relations, supply chain management, and cash flow. Organizations should assess these risks – perhaps with the Center’s Risk Assessment tool – then develop mitigation responses such as resources reallocation, supply and production alternatives, and cash scheduling contingencies.