There’s no doubt that we’re living in the age of Big Data. The numbers tell the story:
- 2.5 quintillion bytes of data are created each day.
- 90% of all data in the world was created in the last two years.
- 50 billion connected devices and sensors are expected by 2020.
- 82% of executives say their organizations are increasingly using data to drive critical and automated decision-making, on an unprecedented scale.
- 89% of companies believe that Big Data will revolutionize business operations in the same way that the internet did.
Of course, there are many risks associated with managing an organization and its projects in the age of Big Data. Risk is inherent in all human endeavour, and we need to identify and understand Big Data risks and know how to manage them effectively.
In addition to being able to flex their facilitation style to meet the varying challenges of the risk workshop and different risk identification techniques, the risk facilitator also needs to handle the people who participate in the risk workshop.
Too many organisations use a risk process without understanding the principles that underlie effective risk management. But what are those principles? One place we might look for guidance is the international risk standard ISO 31000:2009 Risk Management – Principles and Guidelines, which includes a set of principles for us to consider. Each of these principles tells us something important about risk management, and together they set a challenging target for organisations who want to manage risk well.
Risk management is about looking forwards, scanning the uncertain and unclear future in an attempt
to discern what awaits us. It offers businesses, projects and individuals a “forward-looking radar”,
identifying threats to be avoided and opportunities which might be captured. Even though the precise
details of such uncertainties may remain unclear, the “risk radar” can make us aware of their location
and size, helping us to formulate appropriate action plans in advance.
Five frogs are sitting on a log; Four decide to jump off : How many frogs are on the log?
Which is the most difficult step in the risk management process? Where do most businesses and projects fail to gain the benefits of their attempts to manage risk proactively? If your organisation is typical, there’s one particular step where it all seems to go wrong, and the risk management process becomes just another frustrating hoop to jump through, with no tangible benefits.
Several things help to make risk management work. These include a risk process that is simple and scalable, which can be applied across the organisation to manage all types of risk. We also need competent people, with the knowledge, skills and experience to deal with the risks that might arise. Infrastructure is also important, providing the tools to support risk management and handle significant amounts of risk data.
It is easy to understand why some people think that the risk response development phase is
the most important part of the risk process. This is where we get the chance to make a
difference to the risk exposure of our project. If we design and implement good risk responses
to address the risks we have identified and assessed, we will be able to minimise threats and
maximise opportunities, and so optimise the likelihood of achieving our objectives. But if our
risk responses are ineffective (or not implemented), the level of risk exposure remains
unchanged – or may even get worse!
If you ask people which technique they use to identify risks, most will include brainstorming in the list,
usually conducted as part of a facilitated workshop. Indeed for many, brainstorming is not just one
technique among several; it’s the only one they use. Brainstorming is popular for a range of reasons:
- Everybody feels involved, with an opportunity to share their opinion openly
- It produces visible results quickly as the flipcharts fill up around the room
We all know that risk management is supposed to manage risks. But people often understand very different things when they use the word “risk”. One way to solve this problem would be to insist that everyone uses the definitions found in risk standards and guidelines. These definitions have usually been produced by groups of experts who work hard to be clear, to say what they mean and to mean what they say. Unfortunately most people ignore official definitions when they manage risk in practice. Instead they rely on their own ideas about risk which are often limited or misleading. This in turn can reduce the effectiveness of the risk process and stop it delivering the full range of potential value.