The Principals of "Risk-Wise"® Risk Management
Rather than address the principals of risk management from either a personal, enterprise, business or investment perspective, the "Risk-Wise"® Risk Management Principals listed below apply to effectively managing virtually any kind of risk.
1 - Risks can be managed, but never eliminated.
2 - Your definition of risk is absolutely CRITICAL
- Your definition is the "lens" through which you view the world of Risk. It can make your risk management efforts more challenging, frustrating, and disappointing or easier, more positive, successful, and ultimately more effective.
-Your definition the cornerstone & foundation on which all your risk management efforts and plans will be built. If your foundation is weak or inferior, whatever you build on it will not stand the harsh test of the "unforgiving, real-world conditions" under which we live.
So, be absolutely certain to dedicate significant time and effort to identifying, embracing, and actively using a positive, powerful, effective and “empowering” definition of risk. Doing so will make your risk management job easier, more effective, and much more rewarding.
One of the best & most empowering definitions of risk we've discovered & have since adopted at "Risk-Wise"® Investor & "Risk-Wise"®Advisor was first articulated by Peter Oppenheimer. As the Chief Risk Officer of Apple, Inc. he observed that:
RISK is: “The degree to which an outcome varies from expectation”
3. Risk & risk management are very personal, critically important, individual life skills.
The very same "risk" occurring can affect each individual person, organization or entity very differently, based on each one of their individual levels of…
Knowledge of and familiarity with the risks & management of those risks we each individually face
Understanding of a given risk(s) potential personal likelihood and impact (should it occur) plus our personal resilience (ability to bounce back from a risk occurring)
Advance Preparation to reduce the personal likelihood of a risk occurring and personal impact should a given risk actually materialize
4. Risk identification, assessment, management, preparation, and ongoing monitoring are a perpetual, ever evolving, never ending, long-term process and journey…They are NOT a "ONE TIME" event or destination
5. It’s impractical & impossible to identify & manage every single risk you face
-Risk management has a cost. So working to protect against everything is a futile, because once you've accomplished that objective, although you're protected on the down side, you've also got little or no upside.
-Also.... Since all risks are not created equal, and every risk management initiative has a cost of one type or another...The Risks you face must be prioritized as to which risks to 1-Avoid, 2-Which risks to accept & manage, and 3-Which risks to accept outright with no risk management
6. “Risk” is imbedded in the very fabric of the universe, as articulated via the 2nd Law of Thermodynamics.
-Simply stated, this universal physical law describes how the natural tendency of any system is to degenerate from “order to disorder” or “hot to cold” over time, and never the other way around (Unless external energy is added back into the system)
-As those familiar with "Murphy's Law" know..."If anything can go wrong, it will go wrong, and usually at the worst possible time."
7. To effectively manage any risk, it absolutely critical to focus on identifying and managing the “ACTUAL RISK" itself, rather than attempting to manage the secondary or tertiary results of a risk.
-That’s why medical students are taught not to treat disease symptoms, because doing that never solves the underlying problem....Rather, they are taught to use the symptoms as clues to identifying & treating the actual underlying disease which is the only way to effectively address the problem
8. Risks are always with us. There are risks in “taking action” as well as in “not acting” or “deferring action”
9. Risks we’ve identified, fully understand, and are thoroughly prepared for can be “neutralized,” and can even be transformed into opportunities if we wish
10. Since both “Negative” and “Positive” risk exist, we must consider the management of both types of risk…
Yes! Too much of something can be as a big a problem as too little…i.e.
-An example: Too little water (a drought) is a risk and too much water (a flood) is a risk as well
11. Risk & Reward are generally equally balanced.
-However, with knowledge, understanding, experience, and preparation for risks, we can “tilt” the risk/reward equation to our advantage...
-In this way we can work for greater rewards, while reducing the level of risk we'd normally have to face
12. We must deal with both major types of risk
-Exogenous (External) risks, and the even more insidious form of...
-Endogenous (Internal) risks - Biases, incomplete information, overconfidence, risk misperceptions & decision making risks
13. Since risk management has a cost, and its impractical to manage every single risk, it becomes critical to prioritize the risks we face and determine which risks to AVOID (if possible) which risks to ACCEPT and MANAGE, and which risks to ACCEPT with no special risk management initiatives in place
Risks with the “highest” impact are usually “surprises” that we don’t expect or believe are unlikely, and as result, are not prepared for in advance
14. It’s much more effective and less costly to prepare for risks in advance.
-Working to avoid risks (if possible), and to reduce their likelihood, and/or limit their potential impact when they materialize is much more effective and less costly when done in advance. Waiting to recover from the effects of risk after the fact is a much more costly and time consuming strategy
15. Risk preparation steps include...
Avoiding factors or situations that expose us to a given risk/set of risks in the first place
If we must accept a risk(s) in order to achieve a given objective the following steps need be completed:
1- Identifying the risks we’re exposed to
2- Fully understanding the context, likelihood, impact and our unaided resilience to recover from the impact of risks that occur
3- Then...put practices in place to reduce the likelihood of risk(s) occurring & minimizing their potential impact when they actually materialize, and improving our resilience
4- Continually monitor those risks, and the effectiveness of initiatives we have in place to manage them ... While also being vigilant for any established risk(s) that develop new risky characteristics...plus new emerging risks that can "pop-up" as the result of the unintended consequences generated by innovations in apparently unrelated fields.
"It's not a problem...if you're prepared for it"
- Seth Godin -