What is the difference between risk mitigation and contingency planning

Risk management is defined as the identification, assessment, and prioritization of risks or the effect of uncertainty in investment decision making. It is very important to manage risk to avoid unbearable losses or bankruptcy. Mitigation and contingency are two strategies that are used in the management of risk. Risk mitigation and contingency planning are very closely related to one another as they are steps used in the larger risk management process. There are, however, a number of differences between the two and the timings in which they are needed. The article offers a clear explanation of each risk management strategy and explains the similarities and differences between the two.

What is Risk Mitigation?

Mitigation is the process of solving problems that were caused or reducing the effect of the risk once it arises. In other words, risk mitigation strives to minimize a risk that materializes. Risk mitigation can also be seen as a method used to control damage that has already being done, and to reduce the ‘blow’ or consequences that it may have on the organization.

Even though risk mitigation is done after the damage occurs, the strategies for mitigation should be pre planned and communicated across the organization so that they can be properly implemented during the time of a crisis. For example, In the event that there is a union strike within a firm there will be no employees working, which will halt production and sales. In order to solve this problem or reduce the damage caused in this situation, the company will negotiate with the union and try to meet employees’ demands. This is the risk mitigation process that is used to deal with the crisis.

What is Contingency Plan?

Contingency is a planning process in which the company will come up with a few backup plans in the event that the risk materializes. A contingency plan is also known as the action plan for the worst case scenario. Such plans are essential to an organization as it helps organization quickly adapt to changes while suffering less consequences. For example, a company may introduce a new product to the market with the expectation that the product will not face much competition till one year’s time (which is the time that might be needed to develop a similar product by the competitors). However, a competitor releases an identical product to the market within 6 months. A company should have done some contingency planning to determine what steps could be taken in the event that such a situation materializes.

What is the difference between Mitigation and Contingency?

Risk management is essential for organizations to ensure the long term smooth running of the business. There are two parts to risk management; risk mitigation and contingency planning. There are a number of differences between the two strategies. Risk mitigation is carried out after the risk materializes, as a measure to ‘clean up the mess’; contingency planning is used way before the risk actually arises and is the process of coming up with a backup plan to deal with the risk if things go wrong. Risk mitigation is aimed at reducing the consequences of the crisis, whereas contingency planning is used to determine how problems can be solved if a crisis occurs. An important part of both risk mitigation and contingency planning is the requirement to identify risks before they materialize. Risk weighing and prioritizing is also an important process needed for mitigation and contingency as risk management should be focused mostly on the most significantly damaging risks.

Summary:

Mitigation vs Contingency

• Risk management is essential for organizations to ensure the long term smooth running of the business. There are two parts to risk management; risk mitigation and contingency planning.

• Mitigation is the process of solving the problems that were caused or reducing the effect of the risk once it arises.

• Contingency is a planning process in which the company will come up with a few backup plans in the event that the risk materializes.

• Risk mitigation is aimed at reducing the consequences of the crisis, whereas contingency planning is used to determine how problems can be solved if a crisis occurs.

Lots of business decisions are risky. Your products might go out of fashion, or a new product line might tank with your customers. Risk mitigation and contingency planning both help you prepare for trouble. Mitigation strategies are things you should be doing now, whereas your risk contingency plan only kicks in if disaster strikes.

Risk mitigation strategies are things you can do now to reduce your company's risk. A risk contingency plan is something you draw up now but don't deploy until the trouble comes to pass.

Known and Unknown Risks

The first step in mitigating risk is understanding what you know and what you don't know.

• Known knowns are the risks you completely understand. For example, suppose your competition is launching a comparable version of your flagship project. You've done surveys, and there's a chance that 10 to 20 percent of your customers will switch. That's a known known.
  
• Known unknowns are risks you know but can't quantify. If your business is based on the Gulf Coast, you know there's a risk of a hurricane leveling your operation. Whether a hurricane will hit this year is unknown.
  
• Unknown knowns are types of information you don't know you have or don't know its significance. A law firm might have information that would enable the company to win a tough lawsuit. If the information is buried in the files, it's of no use to anyone.
  
• Unknown unknowns are a real problem: You don't know the degree of risk, and you don't realize you don't know. For example, you could open a plant overseas with no idea that the nation is about to erupt into civil war.
  

Risk mitigation and contingency planning can effectively deal with known knowns and known unknowns. Unknown knowns and unknown unknowns are tougher and are sometimes impossible for which to plan.

Identify the Danger

The first step to mitigating risk is to identify and evaluate it. The more risk you can class as known knowns, the better. It's also important to know whether there's anything you can do to mitigate or eliminate the danger.

• Internal risks include key personnel quitting, embezzlement and waste. These risks are the ones most under your control. Better fraud and loss prevention policies can reduce employee theft, for instance.
  
• External risks are outside your control. You can't prevent them. You can only reduce the potential damage.
  
• Strategic risks are the "no pain, no gain" type. When you launch new products or services, there's a risk you'll lose money, for instance, but it's a necessary gamble to grow your business.
  

About Mitigation Planning

Once you've identified potential risks, you can assess them. Ideally, you can quantify how likely they are to happen and how bad the impact will be. Then, you can develop strategies for the most probable and most damaging risks to either improve the odds or mitigate the damage if they come to pass.

• Risk avoidance. If the risk is high probability and potentially catastrophic, the best strategy is to avoid it. For example, if your property is at high risk for a California wildfire, relocating to somewhere safer might be the best way to not get burned.
  
• Risk transfer. If the probability is low, but the cost is potentially huge, you should consider transferring the risk elsewhere. Insurance, for example, transfers your financial risk to the insurance company.
  
• Risk acceptance. If the cost of mitigating the risk is too high, consider doing nothing. With some risks, this more cost effective than avoidance.
  
• Risk limitation. This is one of the most common strategies. Rather than work to avoid all risk, you try to lower the danger to the point where you can accept the remaining threat.
  

The difference between risk mitigation and contingency planning is that once you have a risk mitigation plan, you put it into action. A risk contingency plan sits in reserve until it's needed.

The Risk Contingency Plan

Risk contingency measures are the things your business will do if X happens. A risk mitigation plan might, for example, try to reduce the risk of your vendors hiking prices. A risk contingency plan spells out what to do if prices go up anyway. Risks for which you can prepare contingency plans include supply chain problems, fire, flood, data breaches and major network failure.

Begin contingency planning by identifying your worst vulnerabilities. These are the things that would paralyze your organization if anything happened to them, such as your raw materials supply, key personnel or your IT network. Then, pinpoint the key risks to these areas.

The Risk Contingency Matrix

Drawing up contingency plans for everything that might go wrong is a herculean task. When you start out, it makes sense to focus on the omega-level threats first. One way to quantify the danger is with a risk contingency matrix.

On one axis, you list the probability of a contingency coming to pass. If, say, your raw material prices are locked in by contract for the next three years, the risk of a price hike this year is nil. On the other axis, you list the damage factor: minor, moderate, major or critical.

Once you've laid out the grid, you place each risk in a section of the matrix. Threats that are highly likely and would have critical impact are the ones that need contingency planning the most.

Planning for Problems

Once you identify your top contingencies, start planning for them. Risk mitigation tries to reduce the chance of disaster happening. The risk contingency plan gets you up and running if catastrophe does come to pass.

Suppose you're a government contractor, and you know there's a risk of a long government shutdown this year. To keep your business afloat, you may need both risk mitigation and contingency planning strategies:

• Put money into a risk-contingency reserve so that you can pay bills if the government stops paying you.
  
• Decide whether you'll keep paying employees during the shutdown. It's expensive to do so, but it reduces the risk of them jumping ship for a steady paycheck.
  
• List anything that has to be done during the shutdown to avoid catastrophe afterward.
  

Drafting Your Plans

It's possible that your business won't need risk contingency measures for every possible contingency. You may be able to group several contingencies together in an overall category, such as a drop in cash flow, a rise in prices or new competition entering the field. That will simplify your contingency planning.

The initial plan for a given contingency should make clear what you'll do, but it doesn't have to go into detail. Your risk contingency measures for a government shutdown might include keeping your key employees working full time. You don't have to sit down and identify the employees until you see the contingency is shifting into the "going to happen soon" category.

Remember to Stay Prepared

Once you've drafted a risk contingency plan, don't just file it away and forget about it until things go south. Let your employees and key stakeholders know that the plan exists. Share it with them and make it easy for them to access and study it.

Whenever anything major changes at your company, pull out the plan and review it. If you've moved to a new building, changed suppliers or changed key personnel, that may change some of your contingencies or render them null and void. Regular review will keep the plan relevant to the contingencies of your current situation.

• related
• references
• writer
• feedback
• cite