Managing Risk or Assessing Risk, Do You Know The Difference?
Did you ever notice that there was a difference between risk management and risk assessment?
Most people aren’t sure, but there is.
In my years in Supply Chain, strangely many people did not discuss risk within their decisions made or risk that may occur in their surroundings. I’d say this came down to one major element and that element was time. But more and more, we see the demand for safety and the demand for cost reduction, which in itself demands time spent on assessing risk within your supply chain. Time is also not an excuse for putting aside safety related risks.
When it comes to risk assessment, there are six elements.
- Identify the element upon which risk exists. What could cause you problems?
- Assess the likelihood of the risk, similarly used in the WHS teams within your workplace.
- Plan to manage or remove the risk from existence. You need a road map before you begin.
- Implement the plan you have devised to remove or mitigate the risk.
- Monitor your results. This is really important and the element you need to manage upwards.
- Control your risk by using the results to change or enhance your efforts further.
Risk management is little different and has four main stages in its cycle.
- Plan or identify the risk at hand, first and foremost.
- Assess the risk by categorising the risk, this is really important in risk management.
- Handle the risk by either removing the risk or implementing a risk aversion tactic.
- Monitor and Report on the risk so as to understand the probability and impact of the risk.
Note the difference.
Risk assessment is merely categorising and assuming something will go wrong and thereby working towards improving the likely hood of the risk, by reducing the likelihood
Risk management is typically where something will occur, but your efforts are to either remove or reduce its impact to the area you manage.
Risks come in a few forms to name a few.
- Health and safety
- Infrastructure impact
- Systems impact
Whatever the risk though, there are two ways to look at it. When you categorise the way in which you will manage it, you need to consider one of two things. Will it happen in the future or is it going to happen in the future?
If it is going to happen in the future, you need to risk manage the problem because you know it will occur. The order of preference is to first manage the risks that you know will happen or ‘Risk Manage’ them. If you want to be a great Supply Chain leader though, adding a problem to a risk management spreadsheet will take you a long way to impressing your boss, especially if you attribute a possible cost to it. You just need to make sure you mitigate it though. (Hint – Under promise, over deliver)
If you are unsure of when the risk will occur, then you need to place it on your to do list, but it is a secondary element that requires your focus, not your primary. Once you get around to the risk that may occur in the future, then you can risk assess it and work an order of priority.
Many people get hung up by safety related events, such as injuries.
Yes, it is a tragedy when any one gets hurt in the workplace or worse. But if something has not been ‘risk assessed’ it my mean that no one knew the event may actually occur. No one knows what they don’t know. So don’t feel threatened if something that was unforeseen was not first risk assessed.
Once an injury or safety breach does occur though, it should now automatically be placed through a risk management process, it may not be executed right away, other risks my take priority. but it is something that needs to be ‘managed’ and not assessed to its likelihood of occurring.
There are always risks in your workplace, around your home and life in general. What we don’t do much is risk assess. But risk assessment doesn’t have to occur within a process on the production floor, it can be extended into things such as vendor purchase agreements and service level agreements. There is always something to consider, but the level of consideration really depends on the impact an element will have on your business.
Within your supply chain though to manage risks, you too can do a few quick things to improve your business.
- Build and add your risks to a working spreadsheet and share it with your team.
- Cost the risk or add a score to the risk and work on the worst offenders first.
- Raise them with your peers and management team. Working in a force is a force to be reckoned with.
- Revisit the list often, say once per week to see how you are tracking.
Corporate derivative liability is where an Executive knew or ought reasonably to have known of the conduct constituting an offence, or that there was a substantial risk that the offence would be committed.
The owners of the Fleurieu tourist company within this article, should have known about the risks within their organisation and allowed suitable budget and resources to prevent such an issue from arising as a result of one of their truck drivers speeding.
MAEZ training would have prevented the ‘unknown’ in this case and allowed the business to fully understand its risks, giving the business the opportunity to reduce its liability under the act.