The lifecycle of risk management can be broken into three basic phases: identification, assessment and mitigation. Companies with truly mature risk management programs have processes in place for each of these phases, but companies just getting started with risk management are not always as comprehensive in their approach. In fact, it’s not uncommon for an organization to start addressing risk by focusing on identification and assessment, but not yet have defined plans in place for mitigation once an event occurs.
However, it’s important to realize that mitigation is arguably the most important part of the risk management lifecycle. Sure, it’s possible to play it by ear when a risk event occurs—make the phone calls, make the quick decisions on the spot—but it’s not the ideal way to handle this kind of situation. The emotional impact of a major problem is so strong that having a defined plan is essential to optimize rational and structured actions.
At Zurich Insurance Group, we help companies make sure that they’re actively covering the mitigation phase of the risk management cycle by defining business continuity plans for specific risk events. And one of our most interesting takeaways from this experience is that an action plan for a specific risk event can sometimes be applied in cases where an unexpected, different kind of risk event occurs. In our recent webinar with riskmethods, we discussed a case study where an action plan for a helicopter crash was applied after a snowstorm.