Thinking through risks shows the case interviewer that you are taking a holistic approach to solving the problem and are providing the client with value-add considerations after the project is complete. Moreover, this shows a level of sophistication, understanding, and recognition of threats and opportunities that can differentiate you from other candidates.
Identifying Risk Shows Holistic Understanding
Fundamentally, risks come in eleven forms: SEE HERE
- Compliance Risk: This is the organizations’ ability to follow applicable laws, regulations, and ensure accountability.
- Credit Program Risk: This is the organizations’ reliance on a borrower or financial counterparty to meet obligations and fully repay debt or interest on time. For instance, if an organization is funding a project through invoice payments from another project and if those invoices are not paid on time, this could slow or halt the project or cause the organization to borrow in the short-term, which could raise expenses.
- Cyber Information Risk: This is the organizations’ or projects’ potential for vulnerabilities that compromise processed, stored, or transmitted information. For instance, cyber threats have caused many organizations and projects to re-think their security and factor in the risks that come with managing sensitive data. This consideration may require organizations altering their project timeline or adding security expenses to ensure information and controls are protected.
- Financial Risk: This is the projects’ financial impact to the organization such as the potential for loss of funds, increased expenses, or waste.
- Legal Risk: This aligns with compliance risk and is the organizations’ ability to meet contractual agreements or ethical requirements.
- Legislative Risk: This is the potential for the legislative body to alter or impact the mission of the organization or shift the operating landscape in terms of funding, customers, resources, or products and services.
- Operational Risk: This is the potential for failure of internal processes, people, or systems within the organization and can adversely impact the daily operations of an enterprise.
- Political Risk: These are risks that occur due to key policy makers and can impact strategy, tactical operations, or shift the operating environment.
- Reporting Risk: This is the risk of unreliable, inaccurate, or not timely information. Not having the right information to the right people at the right time can adversely impact operations and lead to poorly informed decisions.
- Reputational Risk: This is the risk that external actors, such as customers, watchdogs, or the media, diminish the credibility and legitimacy of the organization. Oftentimes, this is a residual risk as risks that occur internally in one area can metastasize and externally harm the reputation of the organization.
- Strategic Risk: This is the organizations’ ability to adapt its business plan, mission, and/or model to changing conditions.
While you do not need an exhaustive list in the case interview, thinking through these types of risks can show breadth and depth of understanding.
Qualifying Risk Shows Analytical Rigor
Not all risks are created equal. Once identified, risks can be qualified across a 2X2 matrix where project managers and organizational leaders weigh on one axis the likelihood of a risk occurring and on the other axis the impact this risk could have on the organizations’ objectives. For instance, a risk that has a high likelihood of occurring and that would have high impact on the objectives might require more significant risk mitigation planning, contingency planning, and resources than one that is less likely to occur, or that will have a lower perceived impact on the objectives.
Planning for Risk Demonstrates Strategic Thinking
You can plan for risks in five ways: SEE HERE
- Tolerate: The enterprise may ultimately decide to withstand the risk. This may be due to several reasons. First, perhaps the risk is very unlikely and falls into an acceptable risk appetite range for the organization. Second, the risk may have very little impact on the project and thus, it may not be worth devoting critical resources to mitigating the risk. Third, the costs of action may far outweigh the benefits.
- Treat: Enterprises tend to manage risk through treatment. In most cases, an organization will put internal controls in place to prevent, limit, or reduce the risk. For instance, an organization may reduce financial or operational risk by segregating duties so that there is a system of review, checks and balances, and clear line of supervision.
- Transfer: Some risks can be transferred through insurance or hiring a third party to take control of the risk. This can be done to reduce the exposure or to ensure that another more capable group that has the requisite knowledge, skills, and abilities, manages the risk. Certain risks, particularly those dealing with reputational risk, cannot be transferred. If a risk is transferred, this adds another relationship to manage and will likely have time, cost, and a dedicated resource associated with this transfer.
- Terminate: In some instances, you may be able to eliminate the risk. This can be done by identifying the activity where the risk occurs and terminating that activity. In the public sector, certain activities, services, and products are inherently governmental and may not be transferred. Thus, this alternative is often more common in the private sector and will need a thorough analysis of the trade-offs before being considered.
- Take the Opportunity: This option aligns with tolerating, transferring, or treating risk. In certain circumstances, an opportunity arises that could lead to positive results for the organization or project. For instance, airlines that anticipate a spike in oil may take the opportunity to lock in a set price over a specified time to even out their costs over time and potentially pay a price that leads to long-term savings.
Risks can escalate, and organizations need to have communication channels, systems and processes, and empowered project teams in place that can adeptly adapt to new information and a shifting environment. The best laid plans will fail without the communication conduits, processes and procedures, and people to support these plans.
Follow on Twitter: @evan_piekara
About the Author
With over twelve years of experience consulting and working in the government and nonprofit sectors. Evan started his nonprofit career as a member of Teach For America (TFA), where he served as a teacher, volunteer, and in operational support and training roles for the organization. He has supported BDO Public Sector in the launch of their management consulting practice and has provided strategy and operations, human capital, and information technology support to government and nonprofit clients. At BDO Public Sector, Evan led efforts building internal practice recruiting processes including interview questions, cases, and candidate evaluation criteria and developed their Graduate Advisor internship program.