This series the second post in our series on evaluating and managing risk. In this post we will discuss a methodology for assessing and managing risk. We are going to look at strategic planning and risk management today. For strategic planning we will specifically examine SWOT analysis. For risk management we will use the US Army Risk Management model. I was going to do these the other way speaking more about risk management specifically first. The reason I am not is that logically one could use some kind of strategic planning method to get the big picture then use risk management to drill down into that piece. I think these two methods could complement each other well.
First we will look at SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis. This is a strategic planning technique, predominantly used in business, to see how different factors will aid and hinder in reaching organizational objectives.
This handy chart is used for SWOT analysis. The first column (vertical) is factors that are helpful and the second column is harmful. The top row (horizontal) is internal and the lower one is external.
The goals of SWOT are easily captured in another handy chart.
Using SWOT we want to match our strengths against opportunities while minimizing our weaknesses and avoiding threats. It is also a good way to look at whether our unique situation is well suited for the goal/ mission. An opportunity I am well suited to take advantage of might not work for our buddy Zero and conversely an opportunity that would be perfect for him might not work for me. I am not going to write a lot more about this because while I have worked with it in school I haven’t really used it professionally so my experience is a bit thin. I would rather toss out the ideas and yet you, if you want, do your own research than unintentionally send you down the wrong path.
Next we will look at the US Army Risk Management model. I will use this model because it is the one I am the most familiar with. Some folks in the blogosphere have written about it but honestly I don’t think they had any actual experience with it and thus their articles were a rewording of some overview they found on google. Not saying they were wrong but simply that their discussions lacked the experience that comes from practical implementation of the topic.
Risk Management has 5 steps:
Develop Controls and Make Risk Decisions
Supervise and Evaluate
Core Principles of RM are:
Risk management should be integrated into all activities. This is important because the actually risky stuff is typically related to boring day to day things in part because we do them so frequently. Complacency is a serious problem.
Accept no unnecessary risk. We should try to mitigate as much risk as is practical.
Apply the RM process cyclically and continuously
To expand on the core steps. We will also do a walk through Risk Management for an event. We will do riding a motorcycle.
Identify Hazards: Taking a step back one might say “The hazards of what?” I would reply with “Your life.”
We need to apply the RM model generally to our lives to see what all could go wrong resulting in injury, death, loss/ damage of equipment or any other negative consequences such as financial loss (including the opportunity cost of an action). I would submit to you that a general assessment for your life is important. Additionally you could apply the RM process to specific events such as a trip or activity.
So we have to identify hazards for our life. Experience would show that a normal person has risks of injury while operating/ traveling in motor vehicles, risk of injury doing certain jobs/ tasks, risk of criminal actions, risk of natural disasters, etc plus of course pandemics, foreign invasions, grid down TEOTWAWKI collapses, Zombies, etc.
I would say that a big mistake people make is by arbitrarily narrowing the hazards they choose to assess. They tend to do this by drawing some magical line between normal life shit and ‘preparedness’. I recall a very famous survivalist who mentioned keeping a spare computer for the family hauler in a tin foil package in the trunk in case of am EMP but didn’t carry a concealed handgun! Not naming names but he entirely missed the point. I believe this was in part because he looked at preparedness or its less politically correct, maybe more racist, cousin survivalism as some discrete thing for extreme unlikely situations.
We need to look holistically at identifying the hazards that might impact our lives.
To our scenario. The hazards of riding a motorcycle would be accidents or getting run over by a car.
Next we will Assess Hazards.
We want to rank hazards in terms of its probability and severity.