Risk Assessing Work
Risk Assess Work To Help Prioritise It.
Too much work? Too few staff? Yes, I know. Seems like we're all in the same position these days.
Prioritise your workload!
This article expands on the risk assessment aspect that I mentioned in an article on Time Management and Workload Prioritisation in the Blog section of my website thecrom.com. It is an adaptation (and simplification) of the risk management techniques most organisations use.
This article is not a full-on description of risk assessment - it's just to give you an idea so that you can risk assess work to assist prioritisation. You can make it as detailed or as simple as you like provided there is sufficient rigour and honesty in the process to make the outcome valid.
I find that carrying out risk assessments on all the work tasks that we are meant to be doing is a useful way of identifying those items which need to be done first.
If your organisation has a risk management process then use that one. The terminology may have slight variations from what I am using here but you'll get the idea.
I have found that practice at this process is essential. At first I struggled with the concepts and terminology. Identifying the hazards was important but it was even more important to be able to write them down in clear, understandable and concise terms. Coming back to the assessment at a later date, I immediately found where I could make improvements, such as the descriptions of hazards.
Itemise Work Tasks
Start by itemising all the work tasks that need to be done - here are some examples of things I might be doing:
Transfer the website to the new host organisation.
Buy a new computer.
Transfer all my data across to the new computer.
Buy an external hard drive.
Back-up the computer onto the external hard drive.
Investigate faster broadband supply.
Get some training on website design and management.
Plan, resource, organise and carry out a safety audit on ZZZ organisation.
Get input from the team and write the report on the safety audit of YYY organisation.
Investigate and select a new accountant before my tax return is due.
Improve the relationship with AAA company.
In the examples above some items must come before others whereas others can be undertaken concurrently. I can start transferring the website to the new host organisation whilst I am shopping for a new computer. However, I can't back-up the computer to an external hard drive if I don't own an external hard drive!
Furthermore, these are only examples - you can include strategic goals and break them down into sub-goals. The activities and sub-activities to achieve the goals can be identified. The whole thing makes a business plan. Against all that the resources can be allocated.
When risk assessing the work, it is useful to have an idea of the terminology:
Hazard: this is something that has the potential to cause harm. In other words, the possible things that can go wrong.
Likelihood: This describes how often the hazard may occur and is expressed as a number between 1 and 6 - the higher the number, the more likely the hazard will occur. (More on the numbering later.)
Consequence: This is how bad the outcome is if the hazard occurs and is expressed as a number between 1 and 6 - the higher the number, the worse the outcome.
Risk: This is the product of multiplying the likelihood and consequence together.
Risk Register: The list of items that have been risk assessed.
The risks I am talking about here are Business Risks. Some industries like aviation and resources also have safety risks to consider. For the sake of simplicity and example I am just going to relate the risks here to my business.
Use Desired Outcomes or Goals
The items above are phrased as an activity, "Transfer", "Buy", "Get some training". The assessment process is made simpler if the work items are phrased in a way that describes the desired outcome or goal. I find if they are expressed as goals with dependent sub-goals it is easier to identify what can stop me achieving the goals - the hazards. Here are the work tasks again in that outcome-based form.
The goal is that:
The website is hosted by the new organisation.
The new computer is operational with all my data installed.
A new computer has been bought.
The data from the old computer has been transferred across to the new computer and has been tested.
The new computer has been backed-up onto the external hard drive
An external hard drive has been bought.
Broadband is being supplied at 25MB/s download and 5 MB/s upload (trust me, that's a vast improvement over what I get now!).
I am able to design and manage the website.
We are ready to carry out safety audit on ZZZ organisation before the start date.
The report on the safety audit of YYY organisation is complete before the delivery date.
A contract is in place with a new accountant before tax return due.
The relationship with AAA company is satisfactory.
Incidentally, the goals can be expanded into SMARTER goals and allocated to individuals - see my article 7 Steps to SMARTER Goals.
Let's take some of examples and work through them.
The process can be broken down into steps. Before buying a computer one must decide how big the internal hard drive should be, the processor speed, the screen size, desk-top or lap-top, Apple or PC and so on.
If I am to take advantage of any tax concessions in this financial year I must consider how much time I have before the end of the year in which to buy the computer and hard drive.
What are the Hazards?
What are some of the hazards which may stop me buying a new computer?
The old computer breaks before I have bought the new computer.
The computer I want is out of stock.
And so on - more hazards.
What's the Likelihood of the Hazard Occurring?
Now assess the hazards for likelihood:
Hazard 1: If the old computer is highly likely to break, give the likelihood a high number, say, 5 out of 6. If not so likely then give it a 1.
Hazard 2: Will the shop receive deliveries of new stock so that I can buy the computer before the financial year end? How confident does the dealer sound that the stock will arrive in time. How important is it that the computer is bought this year? If it is very important to have the computer this year but there is plenty of time, give the likelihood a lower number, say, 1. If it seems there is a probability that the computer will not arrive in time then give it a 5 or 6.
What's the Consequence of the Hazard Occurring?
Now let's turn to Consequence (also known as Severity). If the old computer breaks, will I be able to do my work? How bad is it that I can't read emails? Can I read them on my phone for a short period until I buy the new computer? What about spreadsheets and word processing? What other apps will I not have access to that are important? What is stored on the internal hard drive that I don't have access to in any other way that I may need? If my phone can substitute for my computer I can give the consequence a low score but if I really need my computer working then it must be a high score.
Likelihood x Consequence = Risk
In the end, I decide that the likelihood of the computer failing before financial year end is low and give it a 2 but the consequence of total failure is 5. Multiplying 2 by 5 gives me a risk of 10.
Keep a Record
It's important to summarise all that and enter it into the Risk Register. I find it very helpful to put some of the background thinking or argument into the register as well so that, next time, I can review what I have done and understand why I decided on certain scores.
What about a Customer?
Let's now take the relationship with AAA company which we'll say is a customer of mine. What are the hazards? Here is the main hazard:
AAA removes its business from me. (It is always best to look at the worst case.)
In assessing the likelihood and consequence I must consider how important it is to my business that the relationship with AAA is good. If AAA is a big customer of my business, how vulnerable am I if AAA takes their business elsewhere and what can I do about that? Is it just a case of having a telephone conversation with them and clearing the air or will it take more than that? Should we meet? Should I fly to their offices and meet with them? How likely is it that I can improve the relationship with just a meeting? Do I need to do more than that? What else can I do?
Only frank, realistic consideration of the specific circumstances of the case will give me an honest assessment of the risk. I decide that the likelihood of AAA taking their business away is 3 and, because AAA is a big customer I decide that the consequence is a 5. I multiply 5 by 3 and I get a risk of 15.
Prioritising Workload on a Risk Basis
I turn my attention now to workload prioritisation. Having assessed all the work items and inserted them into the Risk Register, I can rank them all in descending risk order i.e. the highest risk top of the list and the lowest at the bottom.
I have given the computer issue a risk of 10 and the AAA issue a risk of 15. Therefore, although I would much rather spend my time shopping for a computer, my risk assessment has told me that I must concentrate on working to improve the relationship with AAA as a higher priority.
In this way, I have shown to myself that what I thought was a more important task (buying a computer) is, actually, a lower priority. I have used some cold, hard assessment, more objectively achieved, to give each item its correct value.
In theory, the resources available can then be allocated against each in order of merit and it becomes apparent which items are going to be dealt with immediately and which will not get done until later, if at all.
The first time I did this on genuine work tasks I was a bit worried that some of the work would not be addressed for a long time and some may never be addressed at all. However, I took comfort from the fact that the stuff at the bottom of the list was the lowest risk.
Another advantage is that you can show your Boss good evidence that the important tasks are being addressed - the riskiest work at the top of the list. However, if the Boss decides on a different order, that's her/his choice to make in the light of solid information. That’s why the Boss gets the big money!
Other Hazards - Fire?
By the way, if you don't already have enough work, try this. Think of hazards to the business of a more general nature. Like, flood or fire. What would be the outcome to the business if the office burnt down? No, not "Party time!"
Doing this assessment could seriously increase your workload if you haven't considered such things before.
Many years ago, I assessed the safety case for a large air traffic control (ATC) unit where all the data, radar and communications lines were routed through one room in the building. If that one room was destroyed by fire, the whole of the ATC unit would cease operation. The operators of the unit wouldn't have known that that was the case without having carried out the risk assessment. As a result, the fire suppression facilities in the room were significantly improved as a short-term measure until more permanent mitigation like duplication of lines could be implemented. That was unexpected new work!
Peter Cromarty is a former air traffic controller and pilot. He spent 27 years as a safety regulator of ATM/CNS, airspace and aerodromes.
View his Linked In profile.
If you have read this far and you are still wondering what the heading photo shows, it's a Remotely Piloted Aircraft (RPA) that crashed on 01 October 2012 at Kingaroy, Queensland during a competition for RPA Systems.