Risk management, what is it and how should be implemented in every business company; this is keeping in mind the great lesson taught us by the Inductivist Turkey or Russell.

In every company something unexpected happens; it can be a new client approaching with an uncommon request, an order does not arrive on time, a new competitor popping out in your product’s market, or one of your managers being stuck in a traffic jam and cannot make it on time to an important meeting.

Unexpected events can cause problems, and misunderstandings, and they can even cost money or loss of financial resources.

Reasons, why risk management should be implemented as part of a company’s strategy, are many, and managing risks should not be seen as an extraordinary event but a day-to-day thought.

When we talk about risk management it is important to distinguish between risk and threat since they are two different types of danger.

A risk is something that a company might face while a threat is a danger that is coming for real, and its nature is clear and known.

In a company’s case, a risk might be a natural disaster or even a cyberattack.

In case the company knows how it is not properly protecting its online services and database, then cyber attacks are not risks but, instead, they are threats.

In the business world, a risk is an event or a condition and it is considered normal, for a company, to face them at a certain time. For this reason, the company has to elaborate a risk management program; this identifying, first of all, the potential risks it might face.

Risk Management, what is it and how ISO 31000 helps implement it in every business company

Risk management has been theorized, thanks to internal audits, empirical and previous events that companies have faced, and a list of regulatory steps that have been emitted to help mitigate risk.

ISO (International Organization for Standardization) has emitted the Risk Management Guidelines to better help companies to anticipate dangerous happenings and make a risk management plan as mitigating risk.

In ISO 31000 risk management approach there are 5 steps to follow in the decision-making process of acting to prevent the company from facing great danger.

IS0 31000 risk management 5 steps

1. Risk Identification: it is the moment in which risk, as the name says, gets identified and it can be categorized (financial risk, cybersecurity, production chain).
   In risk identification, it is also important to evaluate how much risk might impact the project lifecycle of a company and, in general, its overall business.
2. Risk analysis: in this second step, the company faces a qualitative problem-solving method in which software, tools, and research are used to better understand the risk and, consequently, what sort of risk control to adopt.
   The main questions that the company has to have in mind are: what are the chances that this particular risk would happen? What is the potential impact and how much this event would impact the whole company? How long the event will take to generate an enterprise risk management crisis?
3. Risk evaluation/prioritization: not all sort of risks has the same impact on a company. Some of them might cause a little damage while others can have a great impact on the company itself. This is why it is important to prioritize the risks after having categorized them.
4. Risk mitigation: In this step, it has been suggested to list each risk, how long each of them will take, since their manifestation, to cause impacts on the company, and what sort of impacts they would cause.
   Here the company has to think about a strategy for effective risk management and decide what sort of policy to adopt when risks occur. The company can decide to go for risk avoidance, ignoring the risk in terms of not even doing actions that might “activate” it, or accepting it.
   It is also here that the company has to decide if rely on an insurance company, “transferring” the risk to someone else and, it also has to decide if it wants to go for risk reduction introduce a policy, and take initiatives to control and keep an eye on potential risks.
5. Risk monitoring/review: Having a 360 overview of what is going on in your company’s market, new risks brought by new technologies,  product usage, etc. is a great way to keep the company as safe as possible.
   Regulations, laws, and stakeholders’ requests imply an always-changing environment and they all might expose the company to potential risks.
   Companies, indeed, need software and reliable tools, such as Timeneye, that allow managers to keep an eye on what is going inside and outside the company and, step by step, elaborate a risk management process. 

Now that we have seen the ISO 31000’s steps to adopt in terms of risk reduction and management, it is important to understand what sort of risk a company might face.

The most common risks a company might face

They are usually listed in 3 potential risk categories: preventable risks, strategy risks, and external risks.

• Preventable risks: these risks happen inside and for this reason are also called operational risks. They are usually controllable and easily avoided or taken care of.

Companies take care of preventable risks by making rules and behavioral codes that employees have to follow to keep the company in a safe zone.

Preventable risks happen, for example, when managers or employees do unethical or illicit actions that might put the company at risk.

• Strategy risks are those types of risks that a company willingly decides to take to reach (hopefully) a higher business position on the market or a greater return in the future.

They differ from preventable risks since these latest are not wanted while strategic ones indeed are.

Asking the bank for a loan to make some new investment can be considered a strategic risk for a company.

These sorts of risks cannot be taken care of through rules or company suggestions.

In this case, what is important for a company to have is a risk management system based on the company’s capabilities to manage the events that will/would happen as a consequence.

This system is indeed designed to encourage companies to take strategic risks, even big ones, to feel comfortable and in control.

• External risks are born, as the name says, from outside and the company will inevitably have to face them.

These risks might imply great danger to a company and they can cause fatal consequences to the future of the company itself if a risk management process does not take action.

External risks can be natural (climate change), economic (a worldwide economic crisis and inflation can cause financial risk) or even political choices (fall of a government) that can put at risk a business lifecycle.

The management needs to focus on external risk identification and it has to come up with a risk assessment and plan able to reduce the impact of these risks on the company.

The Inductivist Turkey or Bertrand Russell is an inspiring story able to teach us a lesson about external risks, and how unexpected events can happen and cause great damage.

Empirical data and, consequently, risk assessment and analysis are essential for companies to have effective time management that works.

The Inductivist Turkey of Bertrand Russell: an inspiring story able to teach us a lesson about the importance of risk management

 Scientists and philosophers thought about Inductivism as a response from science where consequential and similar events are considered as enough elements to conclude. 

When there is a consecutive happening of similar events, there seems to be a simple law able to describe the phenomenon. 

We might say that induction is a form of reasoning that starts from the examination of several specific cases and leads to a universal conclusion. 

We, as human beings, tend to think of things as related and we make a consequential relationship between them. If something happens today, tomorrow, and the next day again we unconsciously think that the same thing will happen repeatedly. This phenomenon goes under the name of Inductivism, and it has been first theorized by Francis Bacon in 1620 it became discussed later, with Bertrand Russel’s theories and thoughts; the one regarding the Inductivist Turkey. 

This story became extremely popular, thanks to Carl Popper’s re-formula. 

The “Inductivist Turkey” and risk management: how dangerous is it to rely on “taken for granted” situations 

The story tells that on a farm there was a turkey that every morning patiently waited to be fed by the farmer at 9 a.m. 

Every morning the turkey had the same routine: he woke up and waited for his food to be hand-in. 

Sunny days, rainy days, Mondays, Wednesdays, and even Sundays: he knew for sure that the farmer would go and feed him.  

We might say that he has an inductivist conscience concluding that every day, at 9 am he would be fed. 

The described routine went on and on until one day, for being precise during Thanksgiving Day, when the farmer opened the paddock and, instead of feeding him, he pulled his neck to make a traditional Thanksgiving dinner. 

In our everyday life, however, we constantly rely on inductions since they easily provide us with predictions about the outcomes of our actions. With no inductions, our world would be chaotic as we would have no reason to believe that the future is similar to the past and this would raise many doubts. 

In a project lifecycle, decision-makers start from a present situation and make assumptions; this also relies on past and previous experiences. Indeed, inductivism is a logical way of thinking but it can be taken wrongly since it does not concern any outbreak or changes. 

How to avoid concluding and, instead, keep an eye on what is going on 

Once the philosopher Karl Popper read the Inductivist turkey’s story, he immediately argued that the truth of universal statements is not logically justified through the truth of single propositions, as many of these are: any conclusions obtained in this way can always be false. 

So what is Popper’s proposal? His idea is that once admitted there are no inductive procedures that make it possible to establish the truth of hypotheses and theories, the pretense of being able to attribute to scientific claims a truth should be dropped. 

Science is not empirically verifiable. 

No matter how great the number of singular statements at our disposal is, this cannot verify universal statements, while just one singular statement can falsify. 

So, what do decision-makers and managers do when we talk about project management risks and how to avoid them? 

The story of the Inductivist Turkey teaches us that we cannot rely on similar events or a particular business case because in project management just even a single difference can change the course of a project lifecycle and its related goals and objectives. 

Despite these difficulties, it is important for project planning to keep constant track and monitor every single step to not just assume universal statements or draw conclusions but, instead, have an on-time idea of what is changing or going in another direction. 

Timeneye, the time tracking software that will help you monitor your project life while avoiding making assumptions.

To achieve their goals and objectives, managers need to monitor the project lifecycle at every single step to verify if something is interfering with it. 

Many project management tools also include one of the key features when we talk about project management methodologies: time tracking. 

On Timeneye, every minute tracked will be assigned to a project, phase, and client. Users can track time just by clicking on a single button, also, Timeneye offers in-depth reporting and monitoring tools to find where the time sinks. These features are essential for decision-makers who need to keep an eye on the project lifecycle and want to avoid bitter surprises realizing too late that they invested time, not in primary activities and tasks. 

Managers can monitor each project’s status, how much of the already decided budget it is taking, the work by receiving a weekly email recap on what the team has done, and also see what are the latest tasks a user has been working on. 

The Inductivist Turkey taught us that risk management methodologies help us to constantly monitor the project scope and keep an eye on the costs. 

Timeneye is aware of that, and it provides its users with a User Cost Calculator that allows them to monitor the profitability of the project at every single phase of it. If you want to avoid making assumptions and check every single step of your project lifecycle look at our time tracking software and sign up for a free 30-day Timeneye trial!