Managing Risk Isn’t a Game

Every business needs to devise strategies for avoiding threats and minimizing negative impacts.

By Diana L. Mirakaj

Did you ever play Risk? It was your typical board game, with a simple goal: take over the world. To win, all you had to do was eliminate the competition – the other players – but it definitely helped to have an understanding on probabilities and strategy development. Hasbro, the toy company that made Risk, also provided options such as Candy Land and Chutes and Ladders for those less interested in global domination.

In the real world, risk is a very real concern for businesses of every ilk and size, including technology vendors and their channel partners. Risk management strategies are action plans that companies conceptualize after conducting a thorough assessment of the possible threats, hazards, or detriments that can affect a business operation, partnership, or project. The purpose of developing such strategies is to decrease, if not totally eliminate, the adverse impact of the known or perceived risks inherent in a particular undertaking before any damage occurs.

Risk management is not for the faint of heart – and by that, I mean lazy. Development of these best practices is somewhat formal, requiring that perceived risks be analyzed according to the likelihood of negative outcomes and the severity of their impact. Subsequently, all risk data should be documented based on its level of priority for monitoring purposes and subsequent management as needed.

Effective risk management consists of a framework for identifying, assessing, and prioritizing risks, as well as applying resources to minimize, control, and monitor the impact of negative events. This multi-prong approach provides stakeholders with the ability to mitigate risk and control future disruption.

Mature risk cultures are characterized by a set of organizational practices aligned to a risk framework that function at a consistently high level. Those practices include, but are not limited to, identification of risk sources from all potential sources – both internal and external – that may undermine sales, product development, and competitive positioning in the market.

This type of risk framework is often accompanied by a mitigation plan that serves as a checklist of anticipated risks, listed in accordance with the degree of their probability – high, medium, or low. Depending on its level of maturity, an organization may have a predefined set of mitigation strategies categorized and listed under each risk level to serve as a reference for project monitoring.

While the main objective of risk mitigation is to limit the impacts of possible threats or business detriment, it’s also critical to establish points where the possible risks may take place in order to effectively prepare to manage them. Such preparation prevents the worsening of damages caused, and allows management to resume its focus on sales, revenue generation, and other operational imperatives.

Poor management can result in chaotic execution of risk management strategies that lack cohesion and create additional risks – of not meeting deadlines or budgets, or not achieving goals, for example. Furthermore, such frenzied motions often result in an intellectual drain on the entire team and a depletion of financial resources. Therefore, keeping tabs on the status of your partners, projects, and business to ensure that risk management is a top priority at all times is key to the health of an organization.

Business isn’t a game, and you don’t get to start over if the card you draw isn’t the one you hoped for. While formalized risk management processes and procedures may be daunting – even stifling – at times, they’re necessary for the effective operation of a mature organization.


Diana L. Mirakaj is president and chief operating officer of The 2112 Group. You can follow her on Twitter at @dlenam.