Skip navigation

BLOGFive Steps to Reduce Risk

by Randall CraigFiled in: Blog, Make It Happen Tipsheet, RiskTagged as: ,

Are you keen on risk?  Do you seek it out?  Most people and organizations don’t – and for good reason.  Yet risk is not necessarily bad: it is part of the risk-return equation; it doesn’t identify only exposure – it also identifies potential opportunity.

What is bad is unnecessary risk.  This simple framework can help:

Step One: Identify all of the potential risks. (Including the risk of non-action). This is a brainstorm that should consider all of the potential problems that might occur.

Step Two: Probability and Impact. What is the likelihood that the risk will occur?  What will happen to the organization if the risk comes to pass.  A useful analytical tool is to put these dimensions on a two-by-two matrix.  Needless to say, your attention shouldn’t be spent on the low probability-low-impact items.

Step Three: Mitigation strategies. What can be done to reduce the chance that each risk might occur? What changes to process or methodology? To the people involved? To the technology? To the terms and conditions?

Step Four: Monitoring. Often it is easier to reduce or remove a risk if it is identified earlier in a process than later. Define – up front – how the initiative will be monitored, and who will be monitoring, and how it will be reported.

Step Five: Disaster planning. For each of the identified potential risks, how will each be handled if they were to come to pass? A useful question to ask, for each risk, is “what is the worst that can happen?” Having contingency plans in place helps the business survive with minimum disruption. As should be obvious, when disaster happens, most people are in “panic mode”, so having done the thinking beforehand is invaluable.

Bonus Step: Insurance. Many risks can be insured against – often at a surprisingly low cost.  (Organizations who purchased pandemic insurance prior to COVID have a far more positive future…)

These five steps make a lot of sense, but when considering risks – most organizations – go in the opposite order, starting with insurance, then disaster planning, and maybe, just maybe, monitoring. Most don’t consider mitigation strategies, probability/impact, and ignore step one, identification, completely. Doing it the right way means that you’re planning for less ominous disasters, and less costly insurance.


Risk is everywhere – from operational, to financial, to legal, and so on.  Because digital is usually newer for most organizations, this week, focus there.  (More on digital risk management here:  Insight: 34 Social Media RisksViewpoint: Risky Businessand Identifying and reducing Facebook risks.)

Does this topic resonate? Reach out to Randall: he can present it to your group.  (More presentation topics)
See Randall’s professional credentials: Download one-sheet.

@RandallCraig (Follow me for daily insights) Professional credentials site.



Randall Craig

Contact us for more on Randall’s topics, availability, and audience fit.

Back to top