Risky business: Who cares about risk? Welcome back to my series on risk and risk assessments. In my first post I discussed why it is hard to objectively assess risk, and I suggested ways to look at risk more objectively. If you missed it, check out post 1. This post explores why we need to think about risk in the first place. Risk is inherent to doing business, and there are only two strategies that organizations can employ when facing risk: You can accept your risk You can reduce or eliminate your risk But how do you know which strategy to use? One way is to conduct a risk assessment, which is a formal approach to measure and prioritize your risks. There are two specific ways a risk assessment can benefit the business. First, risk assessments allow you to measure risk and weigh their consequences. Every business has risks and a specific risk-appetite or willingness to accept risks. A risk assessment can help the business better understand how impactful a particular risk may be, and whether or not, or how much, to invest in mitigating that risk. It provides decision makers the ability to make better-informed decisions about where it makes sense to invest in risk mitigation activities, and where it is preferable to accept a risk by doing nothing. Second, a risk assessment helps drive awareness of risk programs (e.g., crisis management, business continuity, and threat intelligence), as well as user engagement. Producing well-defined and measured risk assessments are a great way to understand and communicate weaknesses in the business, and drive interest and support in risk mitigation investment. Risk assessments are also a great way to get people involved, build participation and buy-in, and illustrate why BCM is important. Ultimately, risk management gives us the ability to understand what may happen in the future—to make sense of the unknown. By making sense of the unknown, we can make informed decisions about the future. In the next post, I will introduce three Lootok activities that will help you conduct a risk assessment for your organization. Looking for more guidance about risk assessments, or other ways to improve your BC practice. We can help. Contact email@example.com to speak with a Lootok expert. Go to post 1: Risky business: What is risk?