Evaluating risk tolerance

How to identify the right level of risk tolerance for your business

When risk-taking tips over into unethical behavior, organizations face potentially catastrophic outcomes. But is all risk-taking bad? Certainly not. In fact, it’s essential for business growth. To put it simply, a business that takes no risks is quickly out of business.

Risk has become something of a dirty word in recent years. Skim through any news site, and you’ll find click-enticing headlines about businesses engaged in risky behavior:

As Volkswagen Pushed to Be No. 1, Ambitions Fueled a Scandal

Jury to Decide: Were Shkreli’s Gambles to Save His Drug Company Criminal?

The Bust Never Ended for Wall Street’s Most Crisis-Scarred Banks

I’ll paint a picture to illustrate the point.

Most of us have a shared experience of learning to ride a bicycle. When you think about it, this is pretty risky behavior. You’re moving at a high rate of speed on a machine you can barely control, and your ability to make quick informed decisions is…well…immature. But the potential rewards are incredible. There’s no better feeling for a kid than the freedom of riding a bike and taking off in search of adventure (preferably without your parents hovering nearby).

So we take the risk.

We climb on the bike.

We wobble and fall and skin our knees and then do it all over again.

Why?

Because the reward outweighs the pain.

And so it is with business.

We take risks and wobble and fall and try again, all in pursuit of rewards that outweigh the pain. But we don’t do this mindlessly (in most cases). We take steps to manage risk so we can improve our chances of gaining that reward.

Turning back to our illustration, what risk management strategies did we employ as kids to improve our chances of mastering our bicycles? Here are a few that come to mind:

Risk Mitigation

This is all about reducing the likelihood or impact of pain. We ride bikes that fit our bodies and that have functioning brakes or training wheels to reduce the likelihood of a fall. And we wear helmets and elbow/knee pads to absorb the blow when we inevitably hit the ground.

Risk Transfer

This is all about sharing the potential for pain with someone else to reduce our own exposure. When we’re really little, we might jump on a tag-along bike and transfer risk to a parent who has better balance and physical control.

Risk Avoidance

This is all about taking steps to eliminate negative outcomes. So we might stay indoors on a rainy day rather than riding bikes to avoid falling on slick streets.

Risk Acceptance

This is about being OK with potential negative outcomes because the reward is entirely worth it. Yeah, we know that we might have a wipeout when we climb on our bikes, but we do it anyway because the experience is so satisfying.

In the business world, we employ similar risk management methods.

For example:

  • We mitigate risk by conducting research or implementing controls to reduce the likelihood or impact of a negative outcome.
  • We transfer risk by purchasing insurance, whereby another company assumes some of our exposure to negative outcomes.
  • We avoid risk by re-designing, changing direction, or deferring projects until market conditions improve.
  • We accept risk by moving forward with speed and agility to seize the opportunity while it lasts.

It turns out, the principles of risk management are somewhat human in nature. We employ risk management strategies throughout our lives as we pursue rewards and protect ourselves from pain.

When we take chances and go after new opportunities, carefully managing risks along the way, we have the potential to grow as individuals and organizations. Give that some thought as you plan your next project or pursue that next job opportunity. How will you gain the outcomes you desire while avoiding potential pitfalls? Turns out, you may have learned all the risk management strategies you need on your old, trusty bicycle.

About the author

Sarah Nord Director Learning at Onspring GRC Software

Sarah Nord
Director at Onspring
10 years GRC experience