Risk III – Can’t believe your luck

Good, you shouldn’t believe in luck.

It is human nature to be attached to beliefs, dreams and the notion that luck plays a part in our lives. This is a risk that can negatively impact your organization. Got a salesperson on a hot streak – are they lucky or just experiencing circumstances that mean they are winning a higher than normal quantity of work? Negotiation goes well – were you lucky or well prepared and unaware of the needs of the other party?

Consider that the perceived luck could also be a false impression of a limited data set. When we review events we tend to focus. That focus is usually tight limiting our view and the data we use to make conclusions. Consider again the salesperson, was their hot streak permanent suggesting good luck or was it limited when you assess the full body of their work. That negotiation a singular event in a long relationship or contract the luck you considered was only visible with that tight focus.

To compound this risk it is a simple function of mathematics and statistical probability to determine that following a period of good luck a period of bad luck must follow. This return to average will happen. Clearly, the average may be skewed by the positive event or events that catch your attention but a return to average will happen.

The risk then is small data samples and human nature. To manage this risk which can impact many areas of your organization you must establish:

  • Process – how your organization does things
  • Review periods that align with your organizations’ activities
  • Key Indicators that truly give factual information – that you then use

So being lucky is good, but being honest about your organization based on a set of facts is better. Unless you are in Vegas – then have some fun but remember hot streaks end, averages exist for a reason and those nice hotels weren’t cheap so you might win but definitely not more than those hosting the games.

Risk II: Why you struggle to understand risk?

Hopefully, there are some people who have taken mild offense to the title of this post. Thinking, well I understand risk of course I do, I am a smart individual who takes control of my life, I understand risk.

Really, really, are you sure? So you’ve never done any of these things:

  • Got nervous when a plane you are in experiences turbulence.
  • Waited for water to warm up before washing your hands.
  • Rode a bicycle without a helmet, but you did wear gloves.

The point I am making is this, if you have done any of these three things you are struggling to manage risk. Most planes experience turbulence and the drive to the airport is statistically more dangerous than the plane journey. Warm water makes no difference to the germs left on your hands when you wash them – it’s the soap and the vigor with which you scrub (it takes water at 80 centigrade to start killing germs, this is way to hot for you – DO NOT TRY IT). And lastly riding a bicycle without a helmet but wearing gloves – hands might be saved from a nasty scrape but your head is a whole lot more fragile.

You struggle because it is personal. Risk to you, yourself, people or things you care about is hard to judge. It’s tough to be objective.

That is why I join others in pressing for a process for risk management. See Risk I for the start of that process. Objective classification of risk following some guidelines is essential.

So hopefully you are prepared to acknowledge your failings as a risk manager and in the next post on the subject I will explore ways to build up your risk management skills and explore your appetite for danger.

Risk I: Issues and Risks

Risks – people are terrible at managing them and understanding them.

Issues – unless we are careful lots of these things distract us from making progress.

To make this easier consider these definitions:

Risk – an unintended of unexpected event which, should it happen, will negatively impact what you are trying to achieve.

Issue – what a risk feels like once the unexpected event has happened.

Based on this rather negative opening it seems we are doomed to have risks become issues leading to our failing to address AOTT2.

Well maybe.

Life and organizations throw up risks and issues all the time. It is naive to think that everything will always run smoothly. What you can do though is pay attention to risks and issues and manage them to minimize their impact on your organization.

How to manage Risk – step 1 – Identify

Start with context. What is at risk?

Remember much of the theory of risk management came from the field of Health and Safety. So what was “at risk” was often a person or some people.

In organizations what might be at risk?

  • Success of a project
  • Achieving a profit margin for a particular product
  • Keeping key staff

Finding the appropriate context is essential to capturing risks. With a context defined it is easy for anyone with a passing knowledge of the subject matter to think of reasons why failure might happen. This is the first step in risk capture. What could go wrong?

An example; an organization wants to retain a key member of staff.

What could go wrong is NOT – that they leave. This is common mistake.

The thing we need to identify is the CAUSE that drove person to leave.  To make this easier let’s expand and improve our definition of a risk.

There is a risk that (UNDESIRABLE EVENT) will occur as a result of (CAUSE) leading to (CONSEQUENCE) with the potential for (IMPACT).

Returning to the example:

There is a risk that Staff Member A leaves as a result of dissatisfaction with work life balance leading to loss of our ability to make Client X happy with the potential for reducing profit.

Breaking this down:

(UNDESIRABLE EVENT) – Staff Member A leaves

(CAUSE) – dissatisfaction with work life balance

(CONSEQUENCE) – loss of our ability to make Client X happy

(IMPACT) – reducing profit

Straight away this improved definition has helped us hugely. Firstly we can quickly see our real issue the CAUSE. Second we can find new CAUSES that lead to the same UNDESIRABLE EVENT and have the same CONSEQUENCE and IMPACT.

Third, and most important, we can take targeted action to stop the CAUSE happening. In this example perhaps talking to Staff Member A and agreeing new working hours to help maintain balance.

Image the alternative asking Staff Member A why they might leave? They may not tell you and you might not get to the root cause of the issue and further it is likely to be a combination of factors. If you first take the time to identify all the potential CAUSES you can have an infinitely more productive discussion much more quickly.

This is the first step, capture. Set your context use the definition and find the causes.

This is a much bigger subject than can be covered in one post but for now we can build on these ideas to explore issues.

How to deal with Issues – step 1 – Capture and Take Action

As with risks it is a good idea at this point to improve our definition of an issue to help capture them properly, try this:

As a result of (UNDESIRABLE EVENT), (CAUSE) is or will occur leading to (CONSEQUENCE) and likely (IMPACT).

For similar reasons to those explained above the value in using a definition to capture issues helps you target the actions. However for issues actions should be targeted at the CONSEQUENCE not the CAUSE.

In the example above there is not much value to an organization of investigating why some one has left and looking at how to prevent other staff leaving when all the while a key client is unhappy and profit levels are starting to drop.

The subject will also be expanded upon in future posts but now you should be better equipped to start the process of understanding risks and issues.

Future posts will explore risks and issues in greater depth but for now take these steps:

  1. Using the correct definition – capture five risks to your organization (start with context)
  2. Using the correct definition – capture five issues impacting your organization (again start with context)