Inspired by the processes of NASA, the Alliance Governance Team explore the ins and outs of risk management that will help your organisation expect the best and be prepared for the worst.
Risk Management the NASA way
Unsurprisingly, putting a rocket into space is an incredibly risky endeavour and as such NASA takes its risk management process incredibly seriously.
Its risk management handbook is over 220 pages long, incredibly detailed and in places completely irrelevant to organisations on earth (it’s not often that we have to deal with space debris colliding with our customers, staff or shareholders).
However, the core principles are invaluable and applied to our organisations to improve the way we deal with risk.
What is Risk?
At a basic level, risk is the possibility of an outcome not being as expected.
We weigh up risk everyday of our waking lives, mostly on an unconscious level.
Should I take an umbrella on my walk today?
Is this the best time to cross the road?
Should I have that extra slice of cake?
(the answer to the latter question is almost always ‘yes’ and ‘I’m happy to take the risk’)
On an organisational level, risk comes from both internal and external sources. The external risks are those that are not in direct control of the management. These include political issues, exchange rates, interest rates, pandemics and so on. Internal risks, on the other hand, include non-compliance, information breaches, staff absence etc
How do we manage risk?
In order to manage the impact of risks in an organisation we need a systematic approach to alleviate any negative consequences of a specific phenomenon. This is known as risk management and is a process by which firms:
“IDENTIFY MEASURE, PRIORITIZE AND MITIGATE THE ADVERSE EFFECT OF UNCERTAINTIES”
— Chapman and Ward
Risk management is incredibly important and should be at the heart of an organisation’s strategy and coupled with its future objectives. If a company defines objectives without taking the risks into consideration, the organisation will lose direction if any risks come to fruition.
The process that NASA uses to manage risk is called the Continuous Risk Management (CRM). This cyclical method consists of 5 steps with an overarching layer of constant communication.
RISK IDENTIFICATION
Continuous efforts to capture, acknowledge, and document risks as they are found. In organisations this can be done with workshops, interviews or data analysis.
RISK ANALYSIS
An evaluation of all identified risks to estimate the probability of occurrence, severity of impact, timeframe of expected occurrence and when mitigation actions are needed. The use of risk matrices are a great tool to lead your thinking during this process.
RISK PLANNING
Establishes actions, plans, and approaches for addressing risks and assigns responsibilities and schedules for completion. Thinking of potential scenarios where things don’t go to plan will help clarify your thinking when risk planning.
RISK TRACKING
Capturing, compiling, and reporting risk attributes/metrics to determine whether risks are being mitigated effectively and risk mitigation plans are being performed correctly. For example, to avoid loss of office equipment, a sign out register would be completed by staff when an item is required. A monthly inventory check can be taken to see how effective that register is.
RISK CONTROLLING
An activity that utilises the status and tracking information to make a decision about a risk or risk mitigation effort. In your organisation this process could involve action planning, controls and training procedures to help increase control over the risk
Risk Communicating and Documenting
Well-defined, documented communication tools, formats, and protocols assure that there is an overt action to communicate and document the risk at all steps of the CRM process.
Communication and documentation can be in the form of an action item log, risk information sheet, risk database, mitigation plan, status report, tracking log, and/or meeting decision.
Here is an example of NASA’s Zeus project risk management and data flow with communication prompts at every step:
Now is as good a time as any to review your risk management processes.
Whilst NASA’s processes seem arduous, even if you don’t quite achieve space grade risk processes, adopting certain elements will improve the way you identify, navigate and mitigate any potential issues to your organisation.
To quote Norman Vincent Peale:
“SHOOT FOR THE MOON. EVEN IF YOU MISS, YOU’LL LAND AMONG THE STARS.”
To mark the Alliance’s 90th anniversary, we are launching the Community Sport and Recreation Awards: Youth Edition 2025, which will celebrate the next generation of young leaders from across the sector.
Read more
As 2024 concludes and as we look ahead to 2025, the Alliance has published a message to members and partners.
Read more
Are you looking for an opportunity to work in the UK sport and physical activity sector and play a leading role in supporting and promoting a network of impactful and inspirational members?
Read more
Joining the Sport and Recreation Alliance is pretty simple, but worthwhile!
Register now
