When we make a decision, we normally make a number of assumptions about what we expect to happen.
My view of risk management, or should I say risk management that adds value and helps an organization succeed rather than just avoid failure, is all about what might happen.
Anticipating what might happen, evaluating and assessing it, then taking appropriate actions through informed and intelligent decisions, leads organizations to success.
It helps them take the right risks, considering both upsides and downsides, to achieve enterprise objectives.
An assumption is made when you state that you think this or that will or will not happen. If you are smart, you define what event or situation that is, how it could affect your objective, and your assessment of its likelihood.
In other words, you are assessing a risk (if adverse) or opportunity (if favorable).
A forecast is also an assumption, or at least based on a set of assumptions about what will happen.
What we should do with assumptions is monitor them.
But, as Estell and Grant say in Deciding, not all assumptions are equal.
There are some that are incidental and some that are critical.
Critical assumptions are those that, should they not bear out, mean that your objective will probably not be achieved.
Other things are often documented as assumptions, but the desired outcome is not dependent on them.
Monitor the critical assumptions and be prepared to respond at the first indication that they will not hold up. If you want, you can refer to this as the monitoring of key risk indicators (KRI). But KRI normally refer to things that might happen to hurt you, and you should also be monitoring for things that might help you.
If the assumption is that a new product will be ready for market on June 1st, you need to be prepared to take action not only if readiness is delayed but also if it is early!
Understanding assumptions that have been identified as critical to achieving an objective is essential to effectively managing for success.
Do you agree?
Is this what your organization does?
By Norman Marks, Governance, Risk Management, and Audit