When we want to achieve an objective, our main lever to achieve it will be to have an action plan, where we set out everything we need to do to achieve it, such as activities, tools, resources, etc. The same happens when we work in risk management, where our purpose will be to prevent, correct or detect events that generate a risk for the organization.
Every risk within the company is a threat of loss, either due to a situation generated internally (by processes, technology, financial factors, among others) or by external causes. Therefore, when these events are detected, controls must be implemented to help mitigate them, this is where the action plan comes in.
We could define it as a strategy composed of different activities with the purpose of mitigating the association to controls and events in the risk life cycle. This plan defines what the objective will be, how long it will take, what resources will need to be implemented and the people responsible for executing it in order to manage the risks in a timely and effective manner.
They can originate in two ways
Let's take an example:
The construction company has reported a delay in one of its works due to a default in the delivery of materials by the supplier. We could correct this event by focusing our action plan on having a stock of materials for two or three months, increasing the number of suppliers, etc.
What do you want to achieve? At this stage, the action plan must state what it is intended to achieve, what events or controls it will help to achieve. This is the starting point for defining the activities that will help to achieve it.
These are all the activities that make up the action plan, they work as a process where they start with the creation of the plan and then execute them and finally go through a verification to validate if the plan fulfilled its purpose or if new activities should be implemented.
A good way to organize the activities is to put them in chronological order, so you will have a clearer vision of the steps to be followed.
Different actors may be involved in an action plan:
What is to be achieved? In this phase the objectives of the action plan and the events or controls that will help to achieve them are defined. This is the starting point for defining the activities that will help to achieve them.
They are all the activities that make up the action plan, they work as a process that starts with the creation of the plan and then they are executed and finally go through a verification to validate if the plan fulfilled its purpose or if new activities should be implemented.
A good way to organize the activities is to put them in chronological order, so you will have a clearer vision of the steps to follow.
Different actors can be involved in an action plan, for example
No plan can work without knowing when to start and when the deadline for completing all actions will be. Knowing the time frame in which the objective must be achieved will focus the responsible parties on accomplishing the activities.
Such a plan does not exist, there is no formula or steps to follow to achieve a perfect plan, but the more trial and error we have in creating action plans the better, why? because then we will know which actions work and which do not. Ideally, each plan should have multiple activities to better control events or risks.
Within the Pirani risk management software you will find action plan modules, where you can create plans that have tasks assigned to specific people, define a start or end date, view a progress status that will help you review the stage of the plan and you can also associate it to a process, risk, control and/or event. Discover everything you can do with the tool that makes risk management simple!
Action plans help us to make tangible the measures to be implemented to mitigate a possible risk or correct an event, thus optimizing the company's management and performance. They help us to set the context of what needs to be done and the specific activities that will help make it happen.
Did you find this content on action plans to consider in risk management within an organization useful? Leave us your comments.