Pentacle has recently been working with the Chief Executives of some of the largest foreign aid charities in Ireland. They face real risks that change hourly and which they need to deal with as they arise.
The Old World way of dealing with these risks is to gather them all up, assign an arbitrary description based on likelihood and severity (High, Medium and Low) and then put them in a risk register. If you are really lucky the auditors will come around annually and check that you have done it right ;-)
Does it really make sense to write a list of what might happen and then put it on a shelf where nobody reads it? Is this approach even relevant when lives are at risk?
In the New World, where change happens at the speed of light, you need a different approach. Luckily, we don't need to learn how to do it because we have all been part of a government sponsored programme to teach us about risk... using Science Fiction movies.
Don't believe me? Think back to watching those movies …
You know the story, the ugly, green, drooling, slimy monster arrives on Earth; the natural reaction would of course be to run away, but no, the hapless hero immediately wants to investigate further. At the first sign of aggression from the alien, our hero tries to blast it with his laser gun. If that doesn't work (and it usually doesn't), then they usually try and capture it whereupon they stick it in a "secure facility" and put some unhinged scientist with wild hair and pebble-thick glasses in charge. When that all goes pear-shaped (and it usually does), then there is usually a"Plan B" which seems to involve a thermo-nuclear device.
Well risk management is just the same. First you have to Identify the risk, then you should FIX IT NOW!TM No messing around putting it into a risk register. If that isn't possible, you should contain it (while monitoring the whole time). And just in case, you should have a Plan B.
How do you manage your risks? Still putting them in a risk register? Are you surprised when the alien turns around and bites you?