This is a rewrite of an article I wrote in 2010. I'm revisiting some of my earlier writings to update them to my current ideas.
Top five versus first five issues
Ask people for their top five issues in any area of concern other than an area they are personally and closely involved with, and they are more than likely to give you the first five important issues that come to their mind. Of course, these are not necessarily the top five issues, they are their top five issues at that moment.
This problem, by the way, is a typical challenge of idea generation which you try to counter with brainstorming. Ideally, you would ask them to tell you their top 50 issues, and then prioritize. However, quite often they don't have the time and you don't have the budget. And that is a critical problem. Why?
Getting an as complete as possible view on risks is essential in a risk management exercise. After all, risks not identified cannot be managed, and will come to the fore at the most inopportune of times.
Using risk models
This is where risk models come into the picture. A risk model aims to take a lot of the preparatory risk identification work out of your hands. There are certain advantages to using a predefined set of potential risks for an organization. Three of the most important ones are:
- it allows you to focus on the relevance of the proposed potential risks, thus reducing the actual effort invested in thinking about completeness;
- it allows you the time required to better and more clearly defined the risks which are considered as relevant;
- it allows you to identify those risks not already present in the risk model.
Errors in understanding the use of a risk model
People opposed to the use of risk models will make the case that the tool has limited value because you can never integrate all relevant risks in one framework.
It is indeed practically impossible to integrate all relevant risks in one overarching framework. However, rather than making a risk model a tool with limited value, the simple fact that the risk model has already defined a lot of potential risks and thus takes away the effort of performing the same analysis again and again, makes it a tool which saves you time and effort. Rather than reinventing the wheel again and again, the risk model allows for true value creation in defining new risks which you otherwise would have never thought about because you were so focused on the top 5 risks.
The relevance of the risk model
A risk model allows you to focus on the essential risks both present in and lacking from the model. This leads to a better degree of concrete, situational risk awareness in a risk assessment exercise.