Nahar Al Mutawah
Chief Operations and Services
We all know the phrase making lemonade out of lemons, the same can be applied to an organization studying risk mitigation. Many organizations react to an emergency evoking their procedure whilst trying to fit the emergency into one of their predefined boxes. This is not realistic nor is it practical. An organization seldom gets a situation which is straight forward when faced with an emergency, most emergency’s carry unpredictive scenarios or events which cannot be prepared for in advance. Furthermore, some allocate emergency response to one or two teams within the organization, not accounting for the holistic ripple effects on the organization and external stakeholders.
If we take an operational emergency, the logical responsibility is on the operations team. However, depending on the type of situation and the level of control this emergency often spills over and effects multiple stakeholders, internally and externally. This is not always apparent in an organization; most teams focus on their area of expertise and are unaware or uninformed of the consequences outside of their bubble.
District cooling, If the pipe distribution network, a major component of a district cooling system, springs a leak the operational team will react and address the issue. However, they will not necessarily see the legal implications associated with the situation, nor would they know of the impact on the organizations reputation and customers. It is imperative that an organization has a blanket understanding of all implications for emergency situations, this could save an organization damages and costs.
So how does an organization prepare for the worse and assume the unexpected? A good place to start is with the identification of risks and the associated impact. Most organization will know the major risks which may occur, this will help to identify the many branches of the risks and the affected stakeholders and potential outcomes. At the identification stage it is important to involve all sections of an organization, this will aid in defining the risks associated with their area of expertise and help illuminate all dimensional factors, resulting in a detailed risk management procedure.
After all possible risks have been identified the complexity and impact can be determined. Some risks have minor impact on the organization where others yield great risk and may affect the functionality and existence of an organization. At this identification stage it is imperative for management to establish thresholds for allowable impact, the level in which the organization can be affected without damage commercially or to its clients/customers. A risk impact matrix can be a useful tool in determining the threshold and mitigation steps, whilst creating a road map for the controls and monitoring.
Risk identification and matrixes may seem like common sense, most management teams gather, brainstorm and record what they think are the organizations risks, before disseminating it to the concerned departments. However, without involving the people on the ground whom have more experience in their field, the mitigations and controls will fail. Inherent risks are not easy to identify, they cannot be determined by a brainstorming session but more so from consulting with the ground teams.
Risk management is an organizational responsibility. preparation and research are key to managing risks, but more importantly having a proactive approach to risk as opposed to a reactive approach will decide how the organization fairs in such situations.