Is Risk Bad?

Today in risk management, many people think the goal is to remove or eliminate risk.  That, frankly, is not the goal. Risk management is about being aware of risks, being prepared for risks, and understanding the impact of risks. With this information we can make decisions on whether we want to manage the risk and its residual risk, or avoid it all together.

For example, if an organization realizes it needs a data warehouse to keep up with its reporting requirements and understand the market, it has the options to either:

  1. Build a data warehouse
  2. Buy a data warehouse

Each of these options pose different risks. Here is a sample of risks for each option:

  1. Build a data warehouse
    • Takes a tremendous amount of time to build one, which means a long time to achieve the benefits.
    • Requires tremendous talent to build one, and the organization will need to keep talent in-house for the life of the warehouse.
    • Once the project is live, updating the warehouse to meet future requirements may take a lot of time.
    • Maintaining infrastructure to support the data warehouse.
  2. Buy a data warehouse
    • Learning all the features and extracting all the value from the product.
    • Software support.
    • Gaps between the requirements and the product.

The goal of the risk manager (or possibly the data warehouse project manager and executive sponsor, in this case) is to identify, understand and manage the risk. Risk management activities for each could include:

  1. Build a data warehouse
    • Secure an organization dedicated to maintaining the data warehouse.
    • Secure funding to hire and pay top talent to build and maintain the data warehouse.
    • Examine hiring consultants to build the data warehouse and transfer knowledge to the internal team.
    • Understand and predict future data warehouse and reporting needs upfront to ‘future-proof’ the data warehouse as much as possible.
    • Explore hosting options for the data warehouse.
    • Explore the security needs.
  2. Buy a data warehouse
    • Perform a thorough gap analysis of several data warehouse products.
    • Gain insight to the data warehouse vendor’s roadmap.
    • Discuss vendor’s support services with current customers.
    • Explore hosting and SaaS models, including uptime.
    • Identify security features.

None of these activities will eliminate the overall risk of owning, maintaining, operating or securing a data warehouse but these activities might allow users to understand, prepare for and possibly transfer some of the risk to others.

There is even one more option: do nothing. Even that option poses risks, such as not being able to spot trends or provide required reports.  If you are heavily regulated, that could lead to fines and loss of business. If you are in a highly competitive environment, that could lead to loss of business or loss of reputation.  As you can see, the three options all provide some level of risk. Risk management’s job is to help identify the most acceptable amount of risk and the activities required to manage the risk. In these three scenarios, the only bad risk is not managing your risk at all.

Related Articles