Most people think of risk management as stopping bad things from happening. But ideally it’s really uncertainty management. That does cover reducing the chances of bad things happening, but it includes increasing the chances of good things happening, too. So how might we do that?
Reading a piece from Norman Marks the other day, a few ideas came to mind…
Spotlight good behaviours
One of our common flaws is that we generally expect things to go to plan (sales forecasts, projects, etc) and anything going against that is a deviation. We don’t treat good and bad uncertainty equally. But we can encourage good things to happen by highlighting positive actions that people have taken, even if they were part of our plan. For example, a good uptake of of a new policy to protect our information systems, a sales win, or a team delivering to their fortnightly commitment. These might be what we expect, but reinforcing positive actions can help encourage others to achieve the same.
Take new risk
Too often we seek to avoid risk, because we’re worried about bad things happening. But entering an uncertain situation can have positive outcomes, too. Going after a big sale has the obvious possibility of winning that sale. Entering a new market can open new opportunities. Trying a new approach to our meetings might reinvigorate team engagement. Risk-taking can be good, as well as bad.
Seek and exploit silver linings
Even if some of that new risk-taking didn’t have the outcomes we hoped for, there may still be some good things we can take away, and then build on those. Perhaps we didn’t win the sale, but we might have formed some relationships we can continue to develop; there may be lessons we can learn from how we approached the sale, and feedback we got; we may have discovered new abilities with our team which we can develop further, or previously-hidden gaps within our processes that we can usefully address. Even if something didn’t work out as planned, we shouldn’t always walk away from it entirely.
Put “bad” risk in perspective
Supposed we’ve decided to introduce multifactor authentication to make our systems more secure, but as we roll it out we realise it’s going to be very time-consuming to make it work for one particular group of users. We could just sink in the extra time, or regard the gap as a failure. But it might also be sensible to question that extra time, because it could easily distract us from other work which might be more valuable. Perhaps that extra time is better spent elsewhere. Not all bad things are worth stopping entirely; we need look at them in the context of the bigger picture.
Seek and exploit opportunities
Sometimes we might detect some opportunities to be exploited, and it’s worthwhile to deprioritise other work so that we can follow them up. Once more this is about taking a step back and seeing the bigger picture—maybe it’s about turning our attention to a new market or creating a big hairy audacious goal for our department. It’s worth remembering that our job is often not just about completing a list of tasks, but achieving a greater goal.
There are many established practices around “stopping bad things happening” in the name of risk management, but not the same kind of focus on helping good things happen. What we can tell from this list is that there are at least some constructive things that can be done.