John Paul Consulting

Schedule A Call

Lesson 7: Risk Management

In this lesson, we will focus on Risk Management, an essential function for protecting an organization from potential threats and ensuring long-term stability. We will cover identifying risks, mitigating risks, and effective crisis management strategies.

Identifying Risks

The first step in managing risks is to identify potential internal and external threats that could impact the organization. This involves a thorough analysis of all aspects of the business to uncover vulnerabilities.

  1. Recognizing Potential Internal and External Risks:
    • Internal risks arise from within the organization and can include operational failures, compliance issues, and employee-related risks. External risks come from outside the organization, such as economic downturns, market competition, and natural disasters.
    • In 2008, the financial crisis revealed significant internal and external risks in many industries. Companies like Lehman Brothers underestimated their exposure to risky investments, leading to catastrophic failures. We have to learn from the mistakes of others without getting locked down by fear.
    • “The greatest risk is not taking one.” – Mark Zuckerberg. This is the visionary speaking! The great COO acts as a tension to the risk taking visionary many times. They have to be willing to use “radical candor” and speak up when they see major problems with the company taking certain risks at certain times.
  2. Conducting Risk Assessments:
    • Assessing risks involves evaluating the likelihood and potential impact of each identified risk. This is a tricky balance to maintain as a COO, assessing risk and pushing for growth.
    • Boeing conducted a comprehensive risk assessment when developing the 787 Dreamliner, identifying supply chain vulnerabilities and potential production delays. We also see Boeing becoming known for not listening to whistleblowers who were identifying problems with the planes.
    • According to PwC, 68% of companies have experienced an increase in the number of risks in the last three years, highlighting the importance of thorough risk assessments.

Mitigating Risks

Once risks have been identified and assessed, the next step is to develop strategies to mitigate them. This involves creating plans to reduce the likelihood of risks occurring or minimizing their impact if they do.

  1. Developing Risk Mitigation Strategies:
    • Risk mitigation strategies can include diversifying supply chains, implementing robust compliance programs, and investing in technology to reduce operational risks.
    • After facing numerous cyber-attacks, JPMorgan Chase invested over $500 million annually in cybersecurity measures to protect its data and infrastructure. How much money were they afraid of potentially losing over time if they chose NOT to act?
    • “Risk management should be a priority in any organization. It reduces the likelihood of failures and enhances the chances of business success.” – Jim McNerney
  2. Implementation of Risk Management Plans:
    • Implementing risk management plans involves putting strategies into action and regularly reviewing them to ensure they remain effective. One way to do this within the EOS is to allow anyone in the organization to bring a concern immediately or at the weekly meeting without fear of retribution. Easier said than done when it comes to implementing this kind of culture, but this is the leadership a great COO can provide.
    • Toyota’s implementation of quality control measures, such as rigorous testing and feedback loops, mitigates risks associated with product defects and recalls.
    • Companies with a formal risk management strategy are 45% more likely to handle risks effectively (Deloitte Risk Management Survey).

Crisis Management

Despite the best risk mitigation efforts, crises can still occur. Effective crisis management involves preparing for potential crises and developing plans to respond quickly and cohesively.

  1. Preparing for Crises:
    • Crisis preparation involves creating comprehensive emergency response plans, training employees, and conducting regular drills to test the effectiveness of these plans.
    • Johnson & Johnson’s handling of the Tylenol tampering crisis in 1982 is a classic example of effective crisis preparation. Their swift recall of the product and transparent communication helped reestablish consumer trust. do you have a crisis communication plan in place? Is the COO the crisis manager for the organization?
    • “By failing to prepare, you are preparing to fail.” – Benjamin Franklin
  2. Effective Crisis Response and Recovery:
    • Effective crisis response includes immediate action to contain the crisis, transparent communication with stakeholders, and detailed plans for recovery and continuity.
    • During the COVID-19 pandemic, companies like Zoom saw rapid increases in usage and had to scale their operations quickly while managing security risks and user privacy concerns. Their rapid and effective response ensured continued service and managed risks effectively.
    • Effective crisis management can reduce the cost of a crisis by up to 30%, according to a study by IBM.

Key Takeaways

  1. Identifying Risks: Learn to recognize and assess both internal and external risks that could impact your organization, strengthening your resilience to potential threats.
  2. Mitigating Risks: Develop and implement strategies to mitigate risks, reducing the likelihood or impact of adverse events on your business.
  3. Crisis Management: Prepare for and respond effectively to crises, ensuring quick containment and recovery to maintain business continuity and protect stakeholder interests.

By mastering risk and crisis management, you will be able to safeguard your organization against potential threats, ensuring stability and long-term success even in the face of unforeseen challenges.

Next Lesson >