Space grade risk assessment

Governance
Written By counsel ltd

by Rhys D.W. Jones

Inspired by processes at NASA, I look at risk management that will help your organisation expect the best and be prepared for the worst.

(This quick introduction into risk was taken from rhysdw.com )

nasa-logo-web-rgb.jpg

Risk Management the NASA way

Unsurprisingly, putting a rocket into space is an incredibly risky endeavour and as such NASA takes its risk management process incredibly seriously. Its risk management handbook is over 220 pages long, incredibly detailed and in places completely irrelevant to organisations on earth (it’s not often that we have to deal with space debris colliding with our customers, staff or shareholders).

However, the core principles are invaluable and applied to our organisations to improve the way we deal with risk.

What is Risk?

At a basic level, risk is the possibility of an outcome not being as expected. We weigh up risk everyday of our waking lives, mostly on an unconscious level. Examples of frequent risk calculation scenarios we encounter on a daily basis include:

Should I take an umbrella on my walk today?
Is this the best time to cross the road?
Should I have that extra slice of cake?

(the answer to the latter question is almost always ‘yes’ and ‘I’m happy to take the risk’)

On an organisational level, risk comes from both internal and external sources. The external risks are those that are not in direct control of the management. These include political issues, exchange rates, interest rates, pandemics and so on. Internal risks, on the other hand, include non-compliance, information breaches, staff absence etc

How do we manage risk?

In order to manage the impact of risks in an organisation we need a systematic approach to alleviate any negative consequences of a specific phenomenon. This is known as risk management and is a process by which firms:

Identify, measure, prioritse and mitigate tthe adverse effect of uncertainties
— Chapman and Ward

Risk management is incredibly important and should be at the heart of the organisation’s strategy and coupled with its future objectives. If a company defines objectives without taking the risks into consideration, the organisation will lose direction if any risks come to fruition.

The process that NASA uses to manage risk is called the Continuous Risk Management (CRM). This cyclical method consists of 5 steps with an overarching layer of constant communication. These 5 steps are detailed below:

Screenshot+2020-03-09+at+11.55.55.png

RISK IDENTIFICATION

Continuous efforts to capture, acknowledge, and document risks as they are found. In organisations this can be done with workshops, interviews or data analysis.

RISK ANALYSIS

This is an evaluation of all identified risks to estimate the probability of occurrence, severity of impact, timeframe of expected occurrence and when mitigation actions are needed. The use of risk matrices are a great tool to lead your thinking during this process.

RISK PLANNING

Establishes actions, plans, and approaches for addressing risks and assigns responsibilities and schedules for completion. Metrics for determining the risk status are also defined during this step. Thinking of potential scenarios where things don’t go to plan will help clarify your thinking when risk planning.

RISK TRACKING

Tracking is a way of capturing, compiling, and reporting risk attributes/metrics to determine whether risks are being mitigated effectively and risk mitigation plans are being performed correctly. For example, to avoid loss of office equipment, a sign out register would be completed by staff when an item is required. A monthly inventory check can be taken to see how effective that register is.

RISK CONTROLLING

An activity that utilises the status and tracking information to make a decision about a risk or risk mitigation effort. In your organisation this process could involve action planning, controls and training procedures to help increase control over the risk

Risk Communicating and Documenting

As mentioned earlier communication and documentation are key elements encompassing an effective CRM process.

Well-defined, documented communication tools, formats, and protocols assure that there is an overt action to communicate and document the risk at all steps of the CRM process. This embeds risk decisions and rationales as part of the culture of an organisation rather than being red tape.

Communication and documentation can be in the form of an action item log, risk information sheet, risk database, mitigation plan, status report, tracking log, and/or meeting decision.

Here is an example of NASA’s Zeus project risk management and data flow with communication prompts at every step:

nasa+data+and+process (1).jpg

Now is a good as time as any to review your risk management processes. Whilst NASA’s processes seem arduous, even if you don’t quite achieve space grade risk processes, adopting certain elements will improve the way you identify, navigate and mitigate any potential issues to your organisation.

To quote Norman Vincent Peale:

Shoot for the moon. Even if you miss, you’ll land among the stars.

I hope you enjoyed this small insight into risk management. Let me know how you are progressing by getting in touch on my site rhysdw.com

counsel ltd
Previous

The Solo-Social Spectrum of Sport: COVID-19
Next

Japan’s Paralympic Legacy