Risk management should be part of all housing providers’ ongoing business operations; after all, taking risks and mitigating those risks is part and parcel of everyone’s daily lives.
However, in the context of risk management, it’s worth being a little more specific about what we mean, first to avoid confusion, and second as a way of imposing a framework of quantitative measurement and control over what is usually a loosely-defined and qualitative concept.
The line items usually covered within housing providers’ risk management plans are, to be specific, hazards. These are simply potential sources of harm or damage. In an IT environment, the hazards might include catastrophic server failures, IT supplier bankruptcies or global pandemics through to IT staff leaving, intermittent internet outages, broken laptops or just a blown plug fuse. Everyone will (or should) have their own list of hazards, with varying degrees of granularity.
Each hazard, or potential source of harm/damage, then has two factors associated with it. The first is the severity of the potential harm caused by that hazard (catastrophic server failure = extreme severity, broken laptops = minor severity). The second factor is the probability of that hazard occurring.
Risk is then a function of a. the severity of a hazard and b. its probability of occurring. And again, everyone will have their own criteria for assessing and assigning a ‘severity’ and ‘probability’ metric to each of their hazards, as well as their own way of depicting and triaging those risks (a colour-coded table is a common way of illustrating the overall risk landscape).
Once you’ve found a way of illustrating your overall risk landscape, you can finally take better-informed steps to assigning the correct resources and/or measures to mitigate those risks, secure in the knowledge that your next steps will be based as far as possible on a quantitative assessment of your hazards’ severity and their respective probabilities instead of a qualitative, intuitive view of your risk.
