In the previous stage risks were prioritised based on their importance. Once you have decided which risks need more detailed attention you can move onto the RISK ANALYSIS and MANAGEMENT ACTION PLAN stages in the process. I normally group these activities together because they usually involve the same group of people. If someone knows enough about a risk to help analyse it they should be also able to play a key role in deciding how best to manage that risk.

As president of this Asian Acetic Acid Joint Venture my first risk management priority – especially during the construction – was safety. I conducted weekly safety risk reviews on foot to ensure the safety rules were being followed by the workforce of 700

The JV also manufactured the poisonous gas Carbon Monoxide – requiring gas detection sensors throughout the facility. During my 5 years we did not have a safety accident on the site
Risk analysis and management can be split into three broad areas:
- Understanding
- Management
- Mitigation
Understanding the nature of the risk: Causes and Consequences.
To understand a risk the first thing to consider is what causes it and whether that cause can be controlled or influenced in some way to either prevent the risk occurring or to reduce the chances of its occurrence. If the occurrence of the risk can be positively influenced then the risk can be managed. For such risks the action plan will involve determining the best approach to stopping the risk happening or to at least reduce its likelihood.
It is not possible to stop some risks from happening. In this case the negative impact of the risk’s occurrence (if it happens) needs to be mitigated (e.g. reduced or neutralised in some way). To illustrate these ideas let us consider some simple examples of risk management and mitigation.
Managing Risk Occurrence
The occurrence of many risks in the safety area can be managed so that they do not happen. For example when I was president of a large chemicals joint venture in Taiwan we insisted that workers operating at high levels during the construction of the plant wore a double body harness. As they moved along the scaffolding framework around the plant at least one of the harnesses had to be attached at all times. As the workers moved to a new section of scaffolding they could not remove the first harness until the second was safely secured in the scaffold. In this way we were able to ‘manage‘ that even if a worker lost their footing and fell at least one of the two harnesses would prevent a serious injury. Despite having 700 people working for me we were able to complete the $250 million construction project without an injury. Compulsory double harnesses was a part of out risk action plan for the project.

BPs Valhall Platform Norwegian North Sea – Some risk causes can not readily be managed – for example a hurricane or a typhoon. In such cases the risk consequences should be addressed to ensure if the event happens it has a minimal effect on safety, the environment and the bottom line of the business (photo courtesy of BP p.l.c.)
Mitigating Risk Consequences
If you can not stop a risk from occurring the best course of action is usually to try and mitigate the effects of the risk in such a way as to minimise the negative impact it will have on your business. Once again I can provide an example from Asia of a risk whose occurrence can not be managed. In Taiwan we would regularly be visited by typhoons. Fortunately the weather authorities could provide reasonably accurate forecasts of when a typhoon would occur and and indication of its likely path. Although we built our production facility on a man-made island in a sparsely populated area the potential impact of an explosion caused by a typhoon would have been horrendous. Therefore, in order to mitigate the impact of a typhoon we would shut down all the potentially dangerous production operations whenever a typhoon was predicted to come close to the factory. At the same time all but essential safety staff were moved off the site. In this was we could mitigate the serious consequences of a risk whose occurrence could not be influenced. The typhoon preparedness procedure was written into our risk action plan for the site.
The V&LIUMM Process
The above examples illustrate how some typical risks can be managed or mitigated once their causes and potential consequences are understood. To help people remember the key elements of the risk management process I introduced the V&LIUMM term in my risk management text book. The letters are the initials of the key risk management steps:
- V = Value
- &
- L = Likelihood
- I = Importance
- U = Understand
- M = Manage
- M = Mitigate
My Chinese joint venture partners found it quite amusing when I told them my risk management philosophy was based on the use of VALIUMM! But it worked – the construction project was finished safely, in budget and on-time. To find out about risk action tracking and monitoring of risk action effectiveness use the link here.

Key Risk Management Elements in the word VALIUMM (Photo of the first flaring of the Skarv FPSO Vessel in the Norwegian Sea courtesy of BP p.l.c.)
©2019 ChrisDuggleby.com
All Intellectual Property Rights Owned by Chris Duggleby