In a recent conversation with a client my colleague noted that the use of proportionality, pertaining to risk management, was a key tenet of their approach.
On the back of this I thought it might be worth a quick blog to remind ourselves what this means.
So, what is the definition of proportionality? From the Collins dictionary, “The principle of proportionality is the idea that an action should not be more severe than is necessary”. Put simply, when applied to risk management we should focus on what is of high risk rather than low risk. Risks that have a higher chance of occurrence or that have a bigger impact on the business need closer attention (more controls in place) than those that do not. Many operational risks for example are inevitable as they relate to specific functions of the business, however some will have more impact on the business so these should be prioritised. I am not advocating that you don’t bother with low rated risks just that they need to be managed proportionally with their importance to the business. In addition, it might be that some risks must be tolerated because the costs or resources needed to mitigate them are too large or too many. This of course leads on to the idea of risk appetite.
Managing risk in this way will lead to a more streamlined approach as efforts will be focused on where they are most needed and where they will have greatest effect. This in turn will inform on how decisions are made (your strategic direction) and ensure precious resources are better utilised. Internal conversations and debate will occur when looking to prioritize the management of risk and this can be time consuming however, anything that raises risk management higher up the agenda will ultimately benefit your business.