A Flexible Way to Assess Your Key Risks

Use this framework to evaluate the potential severity - and likelihood - of risks to your business.

“We used to view risk through two primary lenses: impact and likelihood,” notes Jonathan Copulsky, principal at Deloitte Consulting and author of Brand Resilience: Managing Risk and Recovery in a High-Speed World.

“Now we’ve added a new dimension - velocity. In today’s highly connected environment, reputational damage can spread at lightning speed. In a matter of minutes, companies could have to deal with 5,000 new complaints... from highly connected consumers. That’s a major change from only a few years ago - and one that holds serious new implications for managing risk.”

To help tackle these potential perils, consultant Jacob Morgan has designed a risk-evaluation framework. Morgan, author of the recently released book The Collaborative Organization, is cofounder and principal of Chess Media Group, whose clients include Sprint, Siemens, and the U.S. State Department. His framework offers flexible parameters for assessing risks depending on the nature of your business.

For example, in the Severity category for Risk 2 - negative customer feedback - some companies might grade negative feedback as a 9 or 10, because even one complaint (especially if it goes viral) has the potential to sink the ship. Other companies, such as large retailers, receive negative feedback all the time; for them, a few complaints might not be particularly severe. To calculate whether negative feedback warrants a high or low grade for your organization, Morgan recommends asking two questions: What is the potential harm of this? and How important is it that this not happen?

The magic of Morgan’s framework occurs once you multiply the severity number by the numbers you come up with in the Probability of Occurrence and Probability of Early Detection categories. You’ll then have a single number, which will allow you to quantify - and therefore prioritize - which risks are, well, the riskiest. The framework also insists that you designate a Recommended Action to address the risk, and earmark which teams and departments own Responsibility for taking action.

What it does not address, however, is the identification of the risks themselves. That is a matter of “involving both business unit leaders and IT personnel in the risk discussion,” says Morgan. Talk early, talk often. “They should naturally be able to come up with some perceived risks and negatives.”


Article provided by thebuildnetwork.com ©TheBuildNetwork


On a scale from 1 to 5, with 1 being 'Not Good' and 5 being 'Excellent', how would you rate this article?

Press enter to submit your rating

Rate this Article

Use this form to provide additional feedback based on the rating you provided.

Thanks for Rating

Would you like to provide feedback?

Thanks for your feedback!

The information, views, opinions, and positions expressed by the author(s) and/or presented in the article are those of the author or individual who made the statement and do not necessarily reflect the policies, views, opinions, and positions of Regions. Regions makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information presented.

This information is general in nature and is provided for educational purposes only. Information provided and statements made by employees of Regions should not be relied on or interpreted as accounting, financial planning, investment, legal, or tax advice. Regions encourages you to consult a professional for advice applicable to your specific situation.