Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
Exposure to threats, hazards, and risks leads to vulnerabilities that an organization must deal with.
Commonly these are addressed via a mitigation process. Once mitigation is accomplished, often times the organization feels that the risk, threat, hazard does not need to be revisited. However, as a result of the mitigation efforts on the part of the organization, the risks, threats, hazards reconfigure and re-emerge in a different form.
In order for mitigation to be successful, it has to be a constant and ongoing process that produces a resilience to the negative effects of risks, threats, and hazards that are realized.
We can structure a matrix that depicts the three levels of mitigation and four clusters of exposure from risks, threats, and hazards.
Then we can determine the potential consequences that could result from the realization of risks, threats, and hazards. In order to simplify the context contained herein, I will refer to Risk, Threat, Hazard under the term “Risk” with the understanding of the broader context of these three unique exposure elements.
The Exposure Reduction Matrix would consist of four areas of interest forming the horizontal access: Economic, Environmental, Social, Physical.
The three criteria that would be used for the vertical axis would be Strategic, Operational, Tactical. An example is provided below:
The example is not meant to be a complete rendering, rather it is suggestive of how one would identify items (risk, threat, hazard) at the three levels (Strategic, Operational, Tactical).
Each item posted could then be analyzed further to determine how much focus should be placed on reducing exposure and, of course, mitigation initiatives.
Risk, threat, hazard: It’s all about the consequences
Some facts to consider:
- Risk, Threat, Hazard are not static, they are fluid.
- Risk, Threat, Hazard probes for weaknesses to exploit.
- Risk, Threat, Hazard, therefore, can only be temporarily mitigated and never really eliminated.
- Over time Risk, Threat Hazard mitigation degrades and loses effectiveness as risk, threat, hazard mutates, creating new risk, threat, hazard realities.
Risk management requires that you constantly monitor recognized risks and continue to scan for new risks.
This process cannot be accomplished with a ‘one and done’ mindset. Risk needs to be looked at in three dimensions and perhaps even four dimensions to begin to understand the “touchpoints” and aggregation of risk, the potential to cascade, conflate and/or come to a confluence.
For a more detailed discussion see my posting, “Rethinking Risk and Uncertainty”.
Risk taking is central to the functioning of any organization.
We live in a world full of consequences. Our decisions need to be made with the most information available. The matrix depicted herein is a starting point that can be expanded with the addition of “touch point” analysis to find the interrelationships at each of the three levels (Strategic, Operational, Tactical).
One can add areas to the horizontal axis to further delineate areas of analysis. I have used four that appear to be consistent with almost every organization.
If you begin to assess Corporate Social Responsibility (CSR) initiatives you can see how Governance, Ethics, “Green” thinking and other aspects can be fed into the matrix and assessed to determine their positive and negative impacts when implemented as mitigation and/or exposure reduction initiatives.
Geary Sikich – Entrepreneur, consultant, author and business lecturer Contact Information: E-mail: G.Sikich@att.net or email@example.com. Telephone: 1- 219-922-7718.
Geary Sikich is a seasoned risk management professional who advises private and public sector executives to develop risk buffering strategies to protect their asset base.
With an M.Ed. in Counseling and Guidance, Geary’s focus is human capital: what people think, who they are, what they need and how they communicate. With over 25 years in management consulting as a trusted advisor, crisis manager, senior executive and educator, Geary brings unprecedented value to clients worldwide.
Geary is well-versed in contingency planning, risk management, human resource development, “war gaming,” as well as competitive intelligence, issues analysis, global strategy and identification of transparent vulnerabilities.
Geary began his career as an officer in the U.S. Army after completing his BS in Criminology. As a thought leader, Geary leverages his skills in client attraction and the tools of LinkedIn, social media and publishing to help executives in decision analysis, strategy development, and risk buffering.
A well-known author, his books and articles are readily available on Amazon, Barnes & Noble and the Internet