Although risk management is the responsibility of entire organization but as always there is single responsible person who is leading the initiative and monitoring it; that person is Risk Manager.Analogy to understand this role is that Risk Manager is the person who sits next to the driver (CEO) of the vehicle (organization). Job of this person is to forewarn driver about the humps or detours on the way and suggesting counter measures to overcome the problem.
Advantage of having this role is that organization becomes PRO-ACTIVE and on occurrence of untoward incident instead of panicking, tackles that problem by confronting it. Let us examine what is the related approach in risk management which can be applied on Digital Marketing:
Here i would like to share that interesting blog post was published by Malinda Erika, which outlines related activities of risk management.
Content in the Graphic:
In digital marketing risk management gets more complex as it is a merger of Information Technology, Project Management and Marketing. This field inherits all the concerned risks of the said subjects. Therefore, there is a need to have risk management approach that is deduced from ISO, NIST and IEC, as these bodies don’t have concurrence on the subject and this issue was highlighted in one of the previous posts “Risk Management Dilemma in Digital marketing!”.
Risk = Probability x Impact x Vulnerability x Actor x Motivation
Actor = Process, Person, Organization & Government
Motivation = Financial, Political , Competition & Publicity
Vulnerability = Flaw, Weakness
Impact = Financial or Operational Loss
Probability = Frequency of Incidents
It is vital to understand that impact and probability of the incidents on business helps in evaluating risk significance. Vulnerability is the weakness which can be exploited by the actor to gain motivational objectives.
Risk is the term used before applying safeguards . After application of countermeasures the risk left is termed as Residual Risk. Please note if any facet of risk is zero then risk will become zero and it can happen at the stage of residual risk when either vulnerability is removed or another risk response strategy is imposed.
Please note assignment of values depends on nature of business and application. More frequent occurrence of the incident means greater value of probability, same is the case with other values as well. Exception is Actor where at times we rate Processes more than Person in IT because it can hurt more than individual word of mouth.
Dartboard Web is my concept of evaluating risks. It is a pentagon having five poles as shown in the diagram. Values of each element start from the outer pole shown as blue boxes in the diagram from zero to any value deemed for particular analysis. Red pentagon is shown as HIGH Risk, Yellow pentagon is MEDIUM risk and Green pentagon is showing as LOW risk. Black dots and lines shows the plotted risk. Please note dots will always be plotted on the white lines and then risk is defined as connecting the dots. This helps in rating risks and also show the significant aspect of the risk all from single diagram.
Risk response strategies are used to tackle risks as per the nature and preference of the organizations. We take example of “Auto Spamming Agents” here to clarify this concept. Spam is security risk which leads to inconvenience as sifting of the data is required. To counter this problem Captcha is being employed for some years which is “Avoid” strategy. However, please note that even this countermeasure can be overcome by humans but it is a different risk having different actor and impact. Organizations usually make their preferences as I have used above on dartboard web that all risks coming into High Risk Zone should be further evaluated by QUANTIFYING it and assigning monetory values so that contingencies are developed.
Risk Monitor & Control
Monitoring and control is another important aspect of risk management. Usually in this phase, procedure is developed and implemented. Through this procedure it is ensured that all hazards and incidents should be reported. On backend incidents and hazards are linked with triggers which further connected to risks. Triggers are the condition which alerts Crisis Management Cell to monitor or activate contingencies.