July 16th, 2009 - Managing Risk with RIG
I’m consulting with a wonderful company in Portland, Oregon working along side my most esteemed friend and colleague Paul Henderson.
The topic of how to manage risk came up so I unearthed an efficient risk management tool I use for keeping things humming along in a complex Web business environment.
I’ve dubbed it “RIG” because it’s the easy way to remember the three key elements, each of which must be identified in advance to avoid the kind of disasters we read about daily: name the Risk, identify the Implications, and compare it to the Goal.
Here is the full model:
RIG is an 8-step framework that makes managing risk a simple, straightforward mental exercise. It’s especially useful in cases where the benefits of making a change are self evident and the risks appear at first blush to be non-existent, fuzzy, or minimal.
1. Identify potential areas of risk and who aught to be consulted.
2. Name each RISK, concern, question, or challenge.
3. State the IMPLICATION of each risk.
- What potentially bad thing happens if the risk unfolds?
4. State the GOAL affected by the risk.
- What are you trying to achieve with which the risk comes into conflict?
5. State the level or risk.
- Estimate the probability of the risk occurring
- Establish how severe the results would be if it did
- Decide what it’s worth to avoid the risk altogether
6. Sketch out contingency plan(s).
- If the risk occurs, what will be done to ensure the goal is still achieved?
- How will the various effects and impact of the risk be mitigated?
7. State clear trigger criteria for executing the contingency plan.
- What evidence needs to be true at what point to know that the contingency plan needs to be executed?
8. Define what’s necessary to prevent the risk from happening?
- What decisions are needed to minimize the likelihood of the risk occurring?
- What steps need to be taken to reduce the impact of the risk if it occurs?
That’s it. It’s that simple.