Importance of Risk in Business
Gone are the days ‘Risk Aversion’ is considered unbefitting for business. ‘Taking Risks’ is no longer an indispensable leadership trait. Risk Management has become a very interesting as well as an essential subject of study.
Risk is now a subject of study in many management standards as well as frameworks. There is plethora of frameworks for Risk Management. There are even specialized professional qualification schemes in Risk Management.
Information Security and Risk
Risk Management is an essential component in Information Security Management System. Information Security is not complete without implementing effective operational Risk Management. Requirements for Risk Management principles as a process has been sufficiently covered in ISO/IEC 27001:2013 standard as Mandatory Requirements: 6.1, 8,2 & 8.3.
ISO has included Risk Management in Quality Management Standards as well starting from 2015 version. Risk-based thinking is included with the introduction of ISO 9001:2015 standard. ISO 9001 has implicitly addressed the issue through “preventative actions” in previous revisions. ISO has now made the importance of Risk based decision making explicit in 9001:2015 replacing the preventative actions clause with Clause 6.1 “actions to address risks and opportunities” in the new version. Risk has to be considered even in some other clauses of ISO 9001 such as 4.4, 5.1, 5.1.2, 9.1.3 & 10.2.
Risk plays an important part in many other ISO standards as well. ISO has defined an exclusive series of standards for Risk Management ISO 31000.
The ISO 31000 standard provides an organizational-level risk management approach. ISO 31000 deals with the crucial risk management concepts like:
Avoiding activities associated with a given risk
When to or not to accept risk when taking advantage of a key opportunity
Acceptable ways to remove a risk source
Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
Apart from ISO 31000, many other recognized standards are available to address Risk Management efficiently in an organization. Some of these are COSO Framework (Committee of Sponsoring Organizations of the Treadway Commission), TARA Framework, etc.
Risk Assessment is an essential requirement for compliance to HIPAA (Health Insurance Portability and Accountability Act of 1996 - USA) and GDPR (General Data Protection Regulation).
Risk Management is an interesting and sought-after profession now developed in the last decade with Risk Management becoming an essential requirement for every business. Risk Management as a profession matured in the last 30 years but references about Risk Management are sufficiently available in Indian Classical Literature, Literature dating back to 2000 to 3000 years.
Risk Management in Classical Indian Literature
Risk Management is not a modern concept developed over the last 30 year only. All the concepts of Risk Management as enshrined in Risk Frameworks are covered sufficiently in great Indian Literature. Let me explain using Thirukkural written by Thiruvalluvar in the classical language tamil (rather tamizh) as an example.
Thiruvalluvar, also known as theivapulavar (a poet with divine capabilities), was a celebrated Tamil poet and philosopher. He is best known for authoring Thirukkuṛaḷ, a collection of couplets in classical Tamil. Thirukkural is a collection of 1,330 poems compiled as 133 adhikarams (subjects) of 10 poems each. These are broadly categorized into three chapters viz. Arathupal (based on dharma), Porutpal (based on worldly affairs) and Kamathupal (based on love and affection). Beauty of thirukkural is that powerful and insightful messages gets conveyed using just 7 words. Each couplet ie kural is only of 7 words and includes a powerful message within these 7 words.
Let us see couple of kurals covering various processes involved in Risk Management. Risk Management comes in Porutpal (Worldly Affairs).
Importance Of Risk Assessment In Thirukkural
தெளிவி லதனைத் தொடங்கார் இளிவென்னும்
ஏதப்பாடு அஞ்சு பவர். (Thirukkural 464)
Meaning - Those who fear reproach will not commence any work which has not been thoroughly assessed and made clear.
Though the term Risk has not been explicitly mentioned in the above kural, the reference ‘clarity about an initiative’ includes understanding risks as well. An initiative is unequivocally unclear if the associated risks are not analyzed. Essentially don’t start any work until and unless the associated risks are understood.
Important point to be noted, Thiruvalluvar advised us to understand the risks before starting a work but not to avoid risky work. This versel cannot be taken to mean that Thiruvalluvar endorsed risk-aversion.
Project Feasibility Assessment In Thirukkural
முடிவும் இடையூறும் முற்றியாங்கு எய்தும்
படுபயனும் பார்த்துச் செயல் ( Thirukkural 676)
Meaning of the above verse - Analyse & Manage the hindrance, exertion required, business goals and benefits when performing a task.
Here hindrance can be taken as the equivalent of Risk referred to by Thiruvalluvar. Thiruvalluvar gave the wisdom in this kural that any venture should result in eventual business benefits but that comes with certain possible risks and efforts required to achieve the benefits. It is absolute imprudence to take business decisions based on projected benefits only. Project Appraisal should be based on the Projected benefits, Possible risks in achieving the benefits and resources required to achieve the benefits including Time, Efforts, People, etc.
Essentially, the concept of Project Feasibility Assessment covered in 7 words beautifully.
Risk Mitigation In Thirukkural
ஊறொரால் உற்றபின் ஒல்காமை இவ்விரண்டின்
ஆறென்பர் ஆய்ந்தவர் கோள் (Thirukkural 662)
Meaning - Removing troubles proactively before they occur and not to get disenchanted if they occur are the principles of those who learned the subject.
Here the phrase ‘Those who learned the subject’ could be taken as reference to ‘Risk Management Experts’, ‘troubles’ refers to RISKS and ‘Removing troubles proactively’ refer to ‘Completing Risk Mitigation’.
T. Jaganathan is the author of the book ‘MANAGEMENT IMMEMORIAL – Learnings from Literature’ which received wide acclaim. He is a Story Teller, Entrepreneur & Mentor for many professionals and organizations.
A Gold Medalist Engineer with Business Administration Diploma. He has held key leadership positions in Technology Infrastructure Management for 33 years.
He founded FutureCalls Technology Pvt Ltd (www.futurecalls.com), IT Infrastructure & Information Security consulting company in 2001 and is currently serving as the Managing Director of this company. Under his leadership, FutureCalls has been awarded ‘Top 100’ System Integration Company by ChannelWorld (IDG) magazine for the 3 consecutive years 2017, 2018 & 2019.
Additionally, Jaganathan is the Senior Advisor – IT & InfoSec for AGS Health Private Limited (www.agshealth.com), 6000 people BPO/KPO company spread across 11 facilities in Chennai, Hyderabad, Vellore and Tirupati.
Under his leadership AGS Health has been awarded the prestigious DSCI Excellence Award for Best Security Practices IT/BPM (Small) for 2020.
He is the Past President, Secretary and Treasurer for Chennai Chapter of CiO KLUB (www.cioklub.com) `not for profit’ association of IT Heads for 4 consecutive terms.
Jaganathan is publishing thought leadership articles every week in LinkedIn on the topic `Monday Musings Season 2’ for the past 1 year. His second book ‘GRANDMA IN THE BOARD ROOM’ is expected to be released by February-2021.
Jaganathan is a Honorary member of Board of Studies for Department of Electrical Engineering, Annamalai University.