How and Why Risk Management changed my life…
TLDR: A quick introduction on how I learnt about Risk Management and how it improved my life at the same time…
Up until 2016, my life was very chaotic and extremely demanding physically, mentally and emotionally. I was working full time as an IT and Information Security Manager, while on some occasions studying full time, questioning all my interactions with family and friends, struggling with a failing relationship and mentally I was completely exhausted. I spent many evenings resorting to vices like gambling as my outlet to feel a sense of control because everything else seemed to be out of my control. I was no Grand Theft Auto character although but for someone like me who grew up within a strict church background, I felt like I was Tommy Vercetti.
Thankfully I am no longer in those predicaments and in 2020 I can look back and see how Risk Management and Information Security helped to turn me into a stronger more resilient human being. Understanding the concept of risk vs reward against my own life opened my eyes and made my life 1000% more manageable.
Risk Management is a peculiar occupation. In the media, it is seen as the type of job for the boring type of person. The last reference to Risk Management I can remember is with the movie IT Chapter Two when James Ransone was playing Eddie. Following the first IT movie where Eddie as an individual was shown as out of control in his youth which was driven by his upbringing, I think the writers attempted to show the progression within the character by representing him as a person who wished to gain a better understanding of controls in his adult life. Even though it seems a bit cliché, this happened to me and I will try to provide an overview of how it occurred in my life. If you have never been involved in Risk Management, this should provide you with an introduction to what we do and why we do it. For all readers, I hope this provides you with some extra support and context to your life.
Risk Universe = My Universe
As mentioned earlier my life was a bit chaotic. I was running around like a headless chicken not knowing how to balance my life. This same imbalance can happen within organisations and this is where Risk Management can come in to assist. Risk Managers and Analysts, usually as an independent function, are supposed to help provide context and identify the types of risks into management chunks. The result is a Risk Taxonomy. Typically this would include categories like Strategic Risk, Business Risk, Financial Risk, Operational Risk, Third Party Risk, Compliance Risk and other organisation specific risks. Having a clear delimitation of risk categories is fundamental in quantifying your risks to aid the management of business decisions.
When it came to my personal life, I didn’t really understand what the risks were around me; I was simply living and not understanding. Once I understood my life could be seen as a business I started to direct my decision making and once I had seen that parallel, there was no stopping me. My next question to myself was ‘What are my goals and why are they my goals?’ Fortunately, I had goals when I was in high school and from 16 to 26 I had hit every single one however I had stopped setting new goals and I didn’t know why.
These goals and objectives were part of my Strategy and I realised I needed to understand why they were my key aims and what I was willing to risk and do to make them come into existence. In Risk Management, the latter is called Risk Appetite statements. These are used to steer you towards your strategy while providing a sustainable balance to your decision making.
My life had many categories including Strategic Risks, Mental Risks, Physical Risk, Emotional Risks, Relationship Risks, Social Risks and Financial Risks. In the middle of 2015, I started to think about what areas of my life were risking my strategy, my knowledge, my body, my thoughts, my interactions, my impacts on society and my money. Until that time, most of my goals were financially and socially led via work and religion, and I started to realise I wanted to steer more towards the other types of goals. I made a conscious decision to lead with Mental, Emotional and Physical goals, it felt a bit selfish but I could see these were the foundations of my humanity. However I was in a dilemma, my position in life was in one form and I needed to switch to another. If I did nothing and took no risks I would be static; I needed to take control.
Inherent Risks represents the amount of risk which exist to business goals without controls. There are many ways to measure the risk but within Risk Management we typically use quantitative calculations or Risk Models to work this out, which is the impact combined with the likelihood of the risk happening. For example, if a business does nothing to control their business operations, like quality assurance, then how much not doing this process impact the business and how likely is it to happen.
In Part 2, I’ll provide a few examples of calculations and explain how I used it to take control of my life.
Note: The contents of this article are my opinions and not the views or opinions of my employer or other entity.