In this challenging time for the events industry, we have had a lot of client questions about risks, issues, and how to manage them easily. Risk management can seem confusing at first, but following a few simple principles can help you establish a risk management framework that fits your business and the scale of your events. No matter how well we plan, every event has to manage risk – in good times and bad. Building risk management into your day-to-day planning will benefit you greatly when things don’t go as expected.
This piece provides you some best practices to:
- Track your risks and issues
- Know the difference between a risk and an issue, and how to manage each
- Get the basics in order
- Record your risks effectively
- Plan your steps, and act on them
- See uncertainty as not just about risk, but as also about opportunity
- Be open, transparent and accepting about risk
1: Track your risks and issues
This may sound obvious, but many event managers fail to track and manage risks in any meaningful way. With our focus normally on delivery and problem solving, we often don’t spend enough time thinking about potential risks to our projects. Equally, by not considering uncertainties we can also be caught flat-footed when an opportunity arises that we can’t capitalise on. By simply writing down things that you think could go wrong and their impact on your project, you’re beginning to manage your risk profile.
2: Know the difference between a risk and an issue, and how to manage each
We often hear the question “what is the difference between a risk and an issue”. The distinction is relatively simple, but needs to be understood if both are to be managed effectively.
Both risks and issues relate to unplanned events that can have an impact on your project. A risk is something that might happen that would have an impact on your project. An issue is something that is currently happening and is having an impact on your project.
For a simple example let’s look at a project of running from one side of a field to the other.
A risk is the poor surface in the field which may cause you to trip, resulting in delay or inability for you to complete your run.
An issue would be tripping due to that poor surface in the field.
When managing the risk of the poor field condition, you might take mitigating actions to eliminate or reduce the risk, such as filling holes before you start to run, or wearing padding so that you are less likely to be injured if you fall. You might also build a contingency plan with all the steps you’ll take in the case that you do fall, enabling you to still make it to the other side of the field.
When managing the issue of the poor conditions causing you to fall, you would enact that contingency plan to ensure that the actual impact to your project of running across the field is as small as possible. These actions should be given priority, as without them the project is likely to fail.
In risk and issue management it’s important to ensure items are classified correctly. Most importantly, if a risk comes to pass, it’s important to change that risk into an issue so it can be managed appropriately. Fortunately, in WeTrack this could not be easier. Simply move the likelihood slider for a risk all the way to the right, and you’re now tracking it as an issue.
3: Get the basics in order
An effective risk management framework needs two key components:
- A Risk Management Approach
- This is your internal plan that defines how your organisation approaches risk. It defines responsibilities for managing risk, what the risk tolerances and thresholds are, how risk impact and likelihood is measured, and how risk review is built into your organisational governance.
- A Risk Register
- This is the tool that you use to capture, analyse and report on risks. The WeTrack Risks & Issues module is one example of a risk register.
A Risk Management Approach does not need to be complicated, but you do need to have one. This will ensure everyone understands their roles, and risk planning is built into your everyday activities.
What are the roles, and who holds them?
It’s important to define who in your organisation is responsible for recording, managing and reporting on risks, who is responsible for making decisions on risk, and who is responsible for carrying out the actions. For larger organisations, these roles can be variable depending on the severity of the risk being managed.
How are risks categorised?
WeTrack uses two 5-point sliding scales to classify risks: one for impact, and one for likelihood. The risk/issue rating is then automatically calculated based on these values. A good risk approach should set guidelines for each of these scales so that classification is consistent across all risks. For financial risks, as an example, it makes sense to set thresholds for each impact level based on the overall project budget. A financial impact of £0-£1000 could be classified as 1, whereas a financial impact of £100,000+ could be a 5, with appropriate thresholds in between.
How often are risks discussed, how are they reported, and who are the stakeholders?
It’s important to make sure that risks are regularly discussed, and at a variety of levels. As part of your planning it’s important to decide levels of responsibility for risk management to ensure decisions are taken at the right level. Top-level executive time and resource is always limited – make sure that they are only seeing the key risks that are business critical. Keep the less critical risks at the department level or lower, as appropriate. An efficient risk management approach will ensure that when executive time is needed to manage risks, it is available.
4: Record your risks effectively
Being clear and concise when you record your risks goes a long way to ensuring you manage them effectively. All risk registers will have a place to capture a title and risk description as a minimum. Make sure you include the basics of uncertainty, event, and outcome in your title to make it clear what the risk or opportunity is.
An example of a poor risk capture might be “Heavy rain”. This title does not tell us anything about the potential issues this might cause. Instead, try writing something more descriptive like “Possibility of heavy rain, leading to local flooding, resulting in the course becoming unusable”. Anyone reviewing the risk register will know exactly what the risk is at a glance. You can then use the risk description to clearly detail the specific areas where the risk would impact your planning and delivery.
It’s also important to only capture risks that may have a material impact on your project. Don’t waste time discussing and resolving risks that would have little to no impact on your project if they were to come to pass.
5: Plan your steps, and act on them
Once you have identified your risks, you need to act on them. There are lots of different strategies to evaluate and manage risk. In the events world we most commonly talk about mitigation and contingency.
A mitigation plan is a series of actions you take in advance of a potential event that reduces the probability and/or impact of that event. Once a mitigating action has been taken, the probability and/or impact of the risk occurring is reduced. An example would be the risk that the internet connection to your venue may fail during your event; a mitigation of this risk would be to procure a second internet connection from a different provider. The impact of the first internet connection failing would now be reduced as there is a second connection to serve your venue. The service may not be at the level you planned for in normal operations but would be better than a complete outage.
A contingency plan, on the other hand, is your plan for a risk once it becomes an issue. A contingency plan will identify the likely steps needed to resolve a potential issue, including who is responsible for enacting them. To use our example of an internet connection failure, a contingency plan would list the steps to make sure all users were switched to the backup connection, as well as the steps to contact the service provider to have the primary connection restored. Once a contingency plan is completed, your project should be back on track, or as close to it as possible.
6: Uncertainty is not just about risk, it’s also about opportunity
There is a tendency in risk planning to only focus on preventing negative outcomes. Uncertainties can also create positive possibilities, but only if we are ready to act when an opportunity arises. To use the above risk of possible heavy rain, an opportunity might present itself in a major event for additional retail sales of ponchos and umbrellas. An opportunity plan would include steps to make supply purchasing decisions based on weather forecasting in anticipation of customer demands.
7. Be open, transparent and accepting about risk
Risk management is about looking into the future and planning for uncertainties. It is not about apportioning blame where planning has not been up to scratch. The identification of risks is important to project management and should be encouraged by all levels of management. No event, big or small, can ever go 100% to plan. By regularly looking at your risk profile and assessing where gaps may exist, you will improve the overall delivery of your events and be better prepared when issues do occur. By building mitigation and contingency plans the ability of your organisation to respond will be strengthened. You won’t be able to plan for every eventuality – but you will be able to better respond by putting your plans into action and repurposing them where necessary.
WeTrack is here to help
At WeTrack we love speaking with our great clients about their operations and the direction they want to take them. Don’t hesitate to contact us about improving your risk management approach, or any other aspect of your project management and event or venue delivery.
Explore our risks & issues module here:
We have also produced a comprehensive white paper aimed at helping events, venues and organisations to deal with uncertainty. Click here to read The Complete Guide to Risk and Issue Management.