A simple method for Risk classification

Work life of managers is full of situations where risk needs to be assessed as part of decision taking.

It is interesting to see how different staff members handle risk differently, although there is a clear method for classifying risk.

When looking at risks consider the following 3 aspects

  • Proximity
  • Impact if the risk materializes
  • Options & possible mitigation

The proximity parameter refers to the point in time where the risk could materialize. Some technical staff are excellent in identifying weaknesses in current or proposed solutions, and what those would mean for something happening in 2 years from now. Such a risk asks for another handling than those that could materialize in the next 3 months.

So what would happen if the risk materializes? what would be the impact? Project management methods typically also look at the parameters Time, Quality and Cost impact if a risk materializes. For me the key question here would be “can we live with that impact?”.
This automatically brings us to the options at hand. What alternatives exist to mitigate and at what cost in money, time and quality differences?

An often overlooked aspect is the question of what the “cost of doing nothing” is.
If we do nothing, or delay doing anything, what will the impact be. If there are cost running while doing nothing, it might be wise to act fast and “stop the bleeding”, and subsequently decide on what other actions are appropriate to contain/improve the situation.