Strategic Risk: Generally strategic risk is at the enterprise level and requires a business risk management enterprise plan. There are many models that can be used. At this level risk management, planning and analysis should be part of the strategic planning process. An enterprise risk management plan should be created that addresses strategic planning elements, cultural risk appetite and attitude, governance, stress testing, identification, measurement, response and control. These elements should be brought forward as a standard in the rest of the organization. On a regular basis the organization should complete an enterprise risk environmental scan to ensure they keep their business risk artifacts current.
Tactical Risk: This level of risk is at the project management level. Often it is part of the project management process for key approved initiatives. Its objective is the successful completion of the project while addressing risk concerns effectively and efficiently as possible. Often tactical risk analysis requires that the organization have a risk management plan that provides the guidelines as to how risk is to identified, qualified, quantified, responded, controlled and monitored. Guidelines should be provided by the business enterprise so that project teams do not create their own risk management standards.
Operational Risk: The here and now of any organization is the operational level. It is what happening with the frontline of the business from your customer facing employees, the manufacturing floor equipment and product assemblers, to the field maintenance people. Operational risk varies by company and by industry. One thing is for sure, operational risk needs to be aligned with business guiding principles to ensure people and equipment is functioning appropriately. For example, safety is a huge issue in a number of industries. Therefore, risk response mechanisms need to be put into operational place to minimize risk impact.
Risk management, planning and analysis are a huge discipline that impacts all levels of the organization. It is not something that is meant to be done neither in isolation nor with a single group. When you consider risk management consider all levels of your company. Maybe by putting together a solid risk management plan there will be a less of a need to carry a rabbits foot.
Don't forget to leave your comments below.