Understanding risk: An introduction - part 2/3

Previous:  Understanding risk conditions.

Defining risks.

A risk can be divided into three elements, which are:

• cause,
• event,
• effect.

When we write down risks and make them understandable for our team members, we must include these three elements. Normally we would simply say “it is a risk to fly airplane”, because we assume that we all understand each other and therefore implicit knows what those three elements includes. But when you say, “it is a risk to fly airplane”, it is not certain we are thinking of the same thing. We assume everyone thinks about an airplane disaster as the event. But for one who is traveling home after a scuba diving holiday will instantly think about decompression sickness, which is the diver’s worry within 48 hours after the last dive (vary on the type of dive).

We see here the important of expressing the risk in a common way and make sure every team member understands it correctly. This is done by including all three elements. Here we see an example.

From this we can now construct a sentence that looks like this

Cause can lead to Event which can result in Outcome.

With this construct we can now make a concrete risk which doesn’t lead to misunderstandings:

Large amount of rain can lead to flooding which can result in water damage in the basement.

Every time we define a risk, we should write it down using this template, that means a sentence including the cause, the event and the effect. Here is another example:

More than 1 hour down-time on service ABC can lead the police to lose control over X and Y and cannot inform Z in a timely manner which can lead to loss of lives.

When we have defined a risk, it is possible to respond to the risk.

Risk response.

There are several options to choose from for a risk response, in short these are:

Fallback means that we will take measurement after the risk is materialised. Imagine a tennis match where we defines one of the arrangement risks like this “Huge amount of rain can lead to wet field which can result in lowering the match quality and the spectators excitement”. We know that the stadium where this arrangement is hosted have a feature where we can close the roof. For the risk defined here vi choose Fallback as the response, and we decide that if it starts raining we close the roof. Notice we took action after the risk materialised, hence Fallback.

Transfer is when we want other parties to take hand of the risks, like we for example do with car and home insurances.

When it comes to Share can this be when for example two persons agree to bet on a football series. They agree to invest EUR 50 on betting slips, that means 25 on each of them. We can identify the risk like this “Several of the matches doesn’t give the results we bet on and can lead to no pay-outs which can result in a loss of 25 EUR on every investor”.

Recognise that we here shared the risk on two parties, both the positive risk and the negative risk. The positive risk here can we define as “All matches give the result we bet on and can lead to full pot which can result in EUR 50 000 profit to share by the investors”. When the positive risk is materialised, it will be a pay-out of 25 000 on each of the two investors".

Avoid, mitigate and accept are all explained in the table under residual risk below.

When we have decided which risk response to use, we should write a description on how to implement the response. Such descriptions will vary in size and complexity, all based on each risk and the type of response we decided on. After the response is executed, there are often still some degree of risk left, we call this the residual risk.

Residual risk

A residual risk is the risk which remains left after a risk response has been implemented on the original risk. It is given that the exact choice of response will affect the variance between the probabilities of the original risk and the residual risk.

Next: Part 3 - Risk matrix (soon to be published).