Explaining the Risk Register - Risk, Continuity and Crisis Management

In my previous blog we learned about constructing a risk register and how that can be undertaken.

I now wish to take this further and bring in the concepts of continuity and crisis management.

Let's look at the possible outcomes of a risk register process.

These can be as follows:

1. We can identify those events with a low probability of occurring and they will have a low impact. An organisation will not have to worry too much about these type of events.

2. Events with high probability but low impact are also not of too much concern because they fall into the realm of fire fighting responses.

3. Events with a high impact and high probability of occurring are serious but can be managed if the organisation is prepared to tackle them.

4. Events with a low probability of occurring but high impact are inherently difficult to tackle because we never expect them to happen!!

This 4th quadrant of the risk register outcomes needs particular attention.

This 4th quadrant events or risks are assumed to happen and can be addressed by Business Continuity and Crisis Management Approaches.

Business Continuity Management addresses events which are foreseeable operational disruptions whereas Crisis management deals with events/risks which are so profound that they threaten the strategic entity and very existence of an organisation.

There is a close parallel between Business continuity management and Crisis Management. However the crisis management approach is much more profound.

The 4th quadrant approach should not be confused with uncertainty. There are events which we cannot even predict will happen nor the consequences of their occurrence. These are uncertain events which we will consider later but in effect they are unknown unknowns.

We will have to use system failure as a proxy for them in any forecast of future risks.

Let's compare this to the Business continuity and Crisis management approaches!

The Institute of risk management proposes some approaches to both risk management and the appetite for risk that an organisation may have.

The risk management process can be described by the followgraphic:

Your organisation may have a similar approach to the one above but it should have something like it.

Similarly the Institute of Risk Management has produced a graphic covering an organisation's attitude to risk as follows:

What attitude does your organisation have to risk and how is it determined?

It would be instructive to look at how respective organisations have tackled risk, especially risk occurring in the 4th quadrant or indeed uncertainty.

What lessons can we learn?

management.management.