by Sam R. Harkreader

Managing risk is like working a maze, the kind you find in puzzle books.

Each maze has a beginning and an end, and often rules are applied. It would be unwise to begin a maze without first learning the end point and the rules of the game. If the rules allowed you to simply pick up your pencil and jump to the end, the game would be simple, albeit not very fun. If, on the other hand, the rules required you to start at the beginning, not lift your pencil and not backtrack, the game would be more difficult and challenging. Clearly, the strategy for winning differs based on the rules.

Similarly, everything you do in the workplace is for a reason: achieve the objective better than your competition. Avoiding penalties is helpful too.

Typically, people seek the path of least resistance within the rules until they reach their objective. As they work their way through the maze, they are sometimes met by walls that halt their progress. Just as there are consequences when choosing the wrong path in a puzzle maze, there are consequences in the workplace for making the wrong choices. Consequences are often predefined by the rules of the game. If the rules allow us to continue playing after a misstep, we get up, brush off and continue on.

Working many mazes throughout their lives, people have learned lessons and developed strategies that work best for them given their circumstances. Implementing improved strategies improves their chances of success the next time. There are some basic strategies that tend to work for everyone. For example, when the maze is small, we may look ahead and see the entire solution. In this case, we just trace the path and we’re done.

In some cases, you misstep and find yourself at a dead end, just as you do in the workplace. If the rules allow backtracking, you can do that, but it often comes with a penalty. If the rules do not allow backtracking, a misstep can make the difference between success and failure.

As the maze becomes more complex, your strategy must adapt. One option is to work forward from the start and backwards from the finish in hopes of finding an intersection. Combining the two paths, you can see the entire route, greatly improving your odds of success.

When the maze is even more complex, your mind becomes saturated before you see the entire route and your odds of success decline. With a more complex maze, your strategic options narrow and you must take on more risk as you start moving towards the goal point. If the rules allow, you may find it helpful to take extra time for a look ahead and conduct an analysis to minimize having to backtrack to correct errors.

It is common to look ahead as far as you can and then take cautious steps towards your objective, maintaining a clear focus to avoid errors. Everyone makes calculated decisions and inch towards the objective as they scout for traps. Unlike the previously stated strategy, factors may prevent us from connecting the start path to the finish path in one stroke, forcing us to progress with less certainty of the entire route. As we approach the end point, we may choose to add another strategy. For example, we may shift our eyes to the end and then work backwards until we see a clear path to our current position. In this case, we’ve combined strategies, something we also do in the workplace.

Since your risks are relative to your objectives, you must first clearly identify your objectives. In order to do so, ask yourself, “What am I trying to accomplish?” When risks are associated with a project, you may find it helpful to create an objective-based work breakdown structure. For each objective, ask yourself these two questions: “What event might prevent me from achieving this objective?” and “How will I know when this event occurs?” Log your answers to these questions; they will serve as an initial comprehensive list of risks, each of which deserves a response.

For each risk, you can conduct a qualitative analysis, followed by a quantitative evaluation. A qualitative analysis provides an initial screening of the risks so you know where to focus your resources. Starting with the more critical risks, you can continue with a quantitative evaluation of each risk to determine the impact each may have on your stated objectives.

You can analyze your risks by reviewing history and other special data. History in incident reports, vendor service records, production records and maintenance records can identify trends or correlations. In addition, data from project plans, production plans, economic forecasts, workforce availability, etc., can provide additional clues that can help you predict the outcomes of your plans. Analysis may compel you to develop risk response plans and integrate them into your overall implementation plans.

The impact of each risk can be measured according to one or more acceptance criteria. In other words, if you order a red car with four wheels to be delivered in one month, you have specified three criteria, each of which can be used to evaluate risk. For example, you could receive a blue car instead of a red car, or five wheels instead of four wheels. The implication of receiving a blue car with four wheels is quite different from the implication of receiving a red car with five wheels. For this reason, each attribute also needs to be weighed relative to one another. Again, the objective must be clear.

The acceptance criteria become risk factors. If you make risk response plans that improve the net impact to these factors, your risk management efforts are value-added, otherwise they are not.

A look ahead in the workplace can help you make more reliable decisions and take action that counts, just as looking ahead while working a maze can help you reach the end without backtracking.

All your objectives have risk factors, so a risk management system that evaluates risks relative to those risk factors will provide the best risk response plan. Current risk management systems are not ready, but technology advances on the horizon indicate that risk management systems will provide breakthrough opportunity in the years ahead.

The risk management paradigm will change. Someone will lead.