As we make progress in risk analysis, utilizing better weather prediction equipment, remote sensing and satellite imagery, and systems for dealing with violence, it might seem that risk management would get easier. But the truth is, even with advanced technology and better understanding of risk assessment and prioritization, there are still many obstacles to managing risks effectively.
Lack of resources
Having the resources to act on all the information can be an obstacle to risk management. Even getting the information needed to act requires resources that many organizations don’t have. Identifying the risk doesn’t mean the finances are there to fully mitigate it. Up-front costs can be high and credit isn’t always an option. Organizations may not have dedicated personnel for managing risks fighting for that budget, and monies are more likely to go for day to day operations than a security measure for a potential disaster.
Defend your security budget. Know what you need and how to sell it to the c-suite so they understand the money is being well spent. Investing in security upfront to mitigate risk will likely cost less than dealing with fallout from a crisis the organization wasn’t prepared to deal with.
Dissemination of information
Information about risks may be available, but the people responsible for risk management may not be getting that information if there isn’t an established process for getting it to them. If the people receiving the information don’t understand what it means or what to do with it, it’s of little use in risk mitigation.
Having a team or at least one known go-to person for risk management, and educating staff about who that person is, what they do and what they need to know, will help ensure information is going to the right place. Risk management may not be in everyone’s job description, but everyone needs an understanding of their part in identifying and alerting the right people with information about risks. Put procedures in writing and make them available so everyone knows who to contact and what to do.
Lack of control
There will be factors of risk management that are simply out of your control. Your plan may rely on public goods and services that your organization doesn’t manage directly. Buying insurance is good way to mitigate the risk of financial loss in case of a crisis, but that only works if the insurance company doesn’t find a loophole or reason not to pay out on your claim. Be aware of areas you can’t control. If it’s reasonable, put a backup plan in place to cover any shortfalls.
You can’t anticipate every risk, and even if you could, you couldn’t possibly mitigate them all. Fix what you can. Prioritize your risks and focus on what you can do. Take note of where you can make a difference and focus energy and resources there while also identifying your major obstacles, and work diligently to get past them where you can.