Home Blog & Media Are your risks managing you?

Are your risks managing you?

July 19, 2023

Share this Post

Author

Shila Nhemi

Technical Director, Risk and Compliance, Kenya

A 5-step risk management formula for every organization

In today’s competitive landscape, every organization must take risks to grow and succeed. However, managing risks can be a daunting task. It’s a delicate balance between taking calculated risks to reap rewards, and avoiding risks that could lead to losses.

Risk and reward are two sides of the same coin: the higher the risk, the higher the potential reward.

We all manage risks on a daily basis. Every activity and decision we make carries some level of risk. Not only would you not cross a busy highway without looking for oncoming traffic, but you would also not invest in a new venture without first weighing the pros and cons.

Proactive risk management not only increases the likelihood of success in any organization, but also better prepares the organization for risks – if they do materialize (and they will!).

Managing risks involves an organization asking itself:

  1. What could go wrong?
  2. How do I minimize the likelihood?
  3. How do I minimize the impact?

The following are five steps that every organization can adopt as part of its risk management process.

Step 1: create your strategy; define your goals

Before identifying risks, an organization must first understand where it is heading. A clearly defined organizational strategy forms the foundation for a solid risk management framework.

Because the elements of strategy and risk are closely linked; the first point in managing organizational risks is to develop a clear strategy that leadership agrees to follow, with measurable goals.

Step 2: identify the risks

Once you have defined your organization strategy and objectives, the next step is to identify activities or incidents that could prevent you from achieving them.

These activities and incidents are your risks. Risks can come from a wide range of sources, including internal factors such as operational issues and external factors such as market changes or regulatory changes. When identifying your risks, make sure you get input from a cross-section of your stakeholders… Write down the risks to build your organization’s risk log.

To keep track of the identified risks and the corresponding action plans, you can use a risk register. A risk register is a document that lists all identified risks, their potential impact, and the corresponding response plan. It also includes information on who is responsible for carrying out the response plan, the status of the risk, and any necessary follow-up actions. The risk register is a valuable tool for monitoring and controlling risks and for keeping all stakeholders informed on the organization’s risk management efforts.

Step 3: analyze each risk

The next step is to analyze each risk by determining its likelihood and impact. Determine whether the risk is catastrophic, high, medium, or low by using a risk matrix. All key stakeholders need to provide objective input for successful analysis.

Arrange a workshop with key staff and discuss each risk in terms of likelihood and impact, as well as where it fits into your organization’s risk matrix.

Step 4: respond to the risks

The ranking of the risk often influences the response to the risk. During this step, assign an action plan to each risk, known as the risk response.

The action plan should detail how you will respond to each risk. You can either accept, mitigate, transfer, or avoid the risk.

  • An organization will accept risks whose impact is low enough to make the risk acceptable to the organization. That means taking no action to address the risk unless the threat materializes.
  • Mitigating risks involves putting in place controls that will reduce the risk to an acceptable level. This response will either reduce the likelihood of the risk occurring or minimize its impact on the organization should it happen.
  • Transferring risks involves taking insurance to protect the organization or outsourcing the function to a third party.
  • Finally, an organization can opt to avoid the risk. This category is reserved for risks categorized as catastrophic. The organization can decide to abandon or stop the activity that could give rise to the risk.

Step 5: monitor and control your risks

The last step in the process is monitoring and controlling your risks. This involves implementing the actions developed in Step 4 to respond to the identified risks.

It is crucial to implement the controls and keep track of the effectiveness of your risk response plan. Regularly review and update your risk log to make sure it remains relevant, and communicate any changes to key stakeholders.

In conclusion

Although risk management is critical to an organization’s success, its aim is not to avoid risks altogether, but rather to enable the organization to take calculated risks. By following this simple 5-step formula, your organization can better prepare itself to handle any turbulent times that may arise.


How well are you managing your risks? At Humentum, we understand that managing risks is crucial for any organization’s success. That’s why our team of experienced professionals provides tailored solutions to help you identify and mitigate potential risks. Contact us today and schedule a consultation to see how we can help.