No professional needs to be told the importance of risk management: any business will have risks that need to be managed. Businesses in the financial industry are concerned about risk the most, along with other businesses in similarly dynamic and highly regulated industries. When it comes to managing risks, the leadership of any organization needs to worry about two things: (1) how to manage current risk-related issues, and (2) how to prevent similar issues from cropping up in the future.

All businesses encounter risks; everything we do has a risk attached. We cannot eliminate risks, but we can mitigate the damage caused by them. We leave home earlier than we need to in order to be on time for an important appointment, because we know there is a risk that traffic may hold us up. We drive slower when there is fog or snow, because we know that doing so mitigates the risk of an accident.

Organizations need a risk management system that can help them tackle the many different types of risks a business faces.

The known knowns, known unknowns, and the unknown unknowns

The concept of known knowns and unknowns was made famous by Donald Rumsfeld in 2002, but it has been used in academic and philosophical circles for a much longer time. The concept comes from the Johari Window, a concept put forward by two psychoanalysts in 1955. There is another part of the phrase which Rumsfeld didn’t mention: unknown knowns. These four categories are crucial for managers to understand, especially when it comes to risk. While it may seem nonsensical at first glance, it is a brilliant way of assessing risks.

Known known risks

Known known risks are the risks we know about and we also know how big they are. For example, an organization may know that there is a risk of them losing some of their customers to a new competitor, and that they risk losing 10% of their customers. The organization knows the risk exists and can quantify it as well. These are the risks that are the easiest to manage because all the required information is present.

To manage known known risks, the organization simply has to ensure that it is ready for the expected impact. One approach is to integrate a risk management methodology with business process workflows and integrated management of change, so that those known risks are continuously watched.

Known unknowns

Known unknowns are the risks that the organization is aware of, but whose size and effect it does not know. An organization may know that there is a risk that rain may affect business operations, but the lack of knowledge about how much rain there will be makes it hard to make concrete plans. It may be just a light shower which will barely affect operations, or it can be a rainstorm which can bring business operations to a halt. Planning for and perceiving such risks is difficult, but not impossible.

To manage known unknown risks, organizations need to have a plan for the most probable outcomes, and be ready to switch to the right plan of action once they have enough information to convert known unknowns into known knowns. For instance, having access to specific rules and regulations on a particular topic can help identify the level of risk you may be engaging with, and allows you to plan for just how much risk is required to run your business effectively.

Unknown unknowns

Unknown unknowns are the most dangerous types of risks. These are risks which the company doesn’t even know that it doesn’t know. A company may expand to a new area and not know that the new area experiences extreme weather. The danger here is that since the organization is unaware of the existence of the risk, it cannot manage the risk, which can result in disaster. To mitigate those issues, you can look for a solution in which every risk, control, audit, corrective action and task is mapped back to the requirements that drive the activity, so that change is managed seamlessly when those requirements change.

Unknown knowns 

Unknown known risks are very rare. These are the risks an organization is aware of but is disregarding, either intentionally or unintentionally. Unknown knowns are not acceptable from a risk management perspective: if a risk is known, everything must be done to manage it. You should have a solution in place that enables your organization to continuously measure the effectiveness of the controls and instigate corrective and preventative actions directly from the analysis and results.

Tackling risk management in a systematic manner 

True risk management needs to account for all the different types of risk. The leadership should ensure that all the known knowns are being accounted for, all the known unknowns are being researched further, and that audits are being done to ensure there are no unknown unknowns. The leadership also needs to ensure that there are no unknown knowns, that is, risks that a certain department or manager may be willfully ignoring.

Every industry faces a unique set of risk mandates and compliance challenges that require close coordination and integration with many related GRC functions, including regulatory and standards compliance, incident management, workplace investigations, internal audit, quality management and others. The best way to do all of this is to adopt a GRC approach. Instead of managing risks through hundreds of documents, there needs to be a proper risk management system which helps monitor known knowns, highlight known unknowns, discover unknown unknowns, and eliminate unknown knowns.

If you want to see how a GRC solution can help your organization accomplish this, get in touch with us. We can help you evaluate the risk management solutions you are looking for and show you a demonstration of Predict360, our automation-based risk management software. Now you know!

About the company

360factors, Inc. (Austin, TX) helps companies improve business performance by reducing risk and ensuring compliance. Predict360, its flagship software product, vertically integrates regulations and requirements, policies and procedures management, risks and controls, audit management and inspections, and on-line training and qualifications, in a single cloud-based platform based on artificial intelligence.