What Gets Measured Gets Managed.

Peter Drucker

Risk Icon Package

The package contains:
  • 20 icons for risk consequences, relevant for management
  • A short explanation of each of the 20 consequences and which risk indicators that might support them
  • A short guide for identifying the 20 risk consequences during a risk assessment
  • A template for risk reporting (in word)
  • A template for high level risk overview (in powerpoint)
The following are a few of the the icons in the pack, illustrating 5 of the risk consequences relevant to top management:

Loss of time to market

Relates to the risk of not being able to meet opportunities or expectations in the market in due time. This may lead to loss of competitive edge, loss of customers and loss of revenue. In other words, this is about loosing business agility.

Cost overrun

Relates to the risk of exceeding costs budgets. It is a classic project related risk, where new endeavors may be so hard to predict, that costs may explode, but may equally affect other more stable parts of the company.

Loss of service

The risk of not being able to serve the customers either on a temporary basis or a permanent basis. Loss of service may lead to loss of customer satisfaction, loss of customer trust, loss of customers, fines, legal acts and loss of revenue.

Loss of performance

The risk of losing efficiency and effectivity. This risk can be system based, relating to slow IT-systems or be based on manual performance, relating to ineffective and inefficient employees and suppliers. This could lead to breach of agreements or promises made regarding the company’s services and deliverables, and can result in loss of customer satisfaction, loss of competitive edge, loss of revenue or loss of customers.

Loss of customers

This risk may be associated with product specific customers or company wide customers, single big key customers, multiple medium sized customers or scores of smaller customers. Loosing customers may affect revenue, the bottom line, market and stock value and could indicate that the company is loosing it’s competitive edge.

Why these icons may be relevant

With a lot of companies I find risks consequences described in terms that don’t really get to me. This might be consequences like “reputation damage” or “affecting business”. Both are vague and hard to really get a sense about.

They are also hard to put numbers on. From such descriptions, you would not be able to know how to measure “reputation damage” or how a risk was affecting business, so you as a reader are hard pressed to even think about how bad this could get.

Over the years I have observed that when facilitating risk assessments, I have been leading my clients to a set of more defined and measurable consequences, and I have currently identified a pattern of 20 well defined and measurable consequences that seems relevant to most businesses.

For any risk officer occasionally facilitating risk assessments or just occasionally working on risks, these may come in handy and serve not just as a quick inspiration on formulating specific risk consequences, but also as a way to help the organisation increase the quality of their risk identification process.

To help serve as guidance, we have designed each of the 20 consequences as icons, ready to be use in guiding material to the the organisation.

As a side effect, I have found that the 20 consequences, can be a good way of consolidating risks when reporting to top management, and that the icons serves as an easy and intuitive visual, when presenting a risk overview.

For the more mature organisation, where incidents are identified and managed through the company, the 20 consequences may also be used to classify the consequences of the incident. In this relation they may serve as a guide or reminder of some of the incidents that might otherwise be overlooked neither being described nor reported.

Going through a monthly status check, each department owner should reflect on whether they have been affected by any of the 20 consequences. A discipline that will double as a rather effective way of raising risk awareness, and where the 20 consequences could function as a good checklist. Not all of the consequences will be relevant for all departments. Some may for instance be too far removed from the customers to identify if they did cause a client to be lost, but looking a cross the company all of the 20 consequences would be relevant.

And as with risk consolidation, when aggregating incidents for reporting to upper management, consolidating the incidents based on the 20 consequences would be a good way of creating a report that management would instinctively understand.

Key risk indicators

Most organisations, that I help are struggling establishing key risk indicators. Now you may already have identified the set of key risks in your company, but if you haven’t using the 20 risk consequences might be a good place to start.

A long with the short description of each of the risk consequences, we have added a small set of indicators that might be utilised as risk indicators. Some of these indicators are hopefully already being measured and reported on in the organisation, and if so, these are the ones you should focus on to get started.

What you get

Being interested in risk management, you can buy the package here and get:

  • Icons for the 20 risk consequences, relevant for management
  • A short explanation of each of the 20 consequences and which risk indicators that might support them
  • A short guide for identifying the 20 risk consequences during a risk assessment
  • A template for risk reporting (in word)
  • A template for high level risk overview (in powerpoint)