Risk Control

If we see sweetbread on a restaurant menu and order it without doing any research, thinking we just ordered some kind of yummy dessert item, we’re going to be in for a big shock when someone plops a plate of lamb pancreas down in front of us.

“Sweetbread” is one of those words that just doesn’t mean what it sounds like it should mean. But that’s not the case with the term “risk control,” which is exactly what it sounds like. “Risk control” is the method an organization uses to control its risk. Mind = blown, right?

Now...what risk control specifically looks like is going to vary from one company to the next, so let’s just talk about what they all tend to have in common. Companies usually try to figure out where they’re vulnerable by conducting risk assessments. Once they find a potential weakness—maybe their data protection software is out of date, or maybe they have a subsidiary in the middle of a potentially bankrupting lawsuit—they can devise strategies to address those risks. For the most part, a company’s risk control measures are going to do three things: 1) analyze the likelihood and potential impact of the risk, 2) put processes in place to either prevent the risk or reduce its effects, and 3) conduct in-depth analyses of risks that do materialize, so they can figure out how and why they happened.

What might those processes look like? They might look like more stringent accounting principles, or increased safety training requirements. They might look like a diversification of resources and assets, so that one risk event doesn’t take the company under. They might involve hiring an in-house legal staff, copyrighting and patenting proprietary information, or setting up backup servers for our backup servers. If we own a restaurant, they might even involve putting a disclaimer on our menu so we don’t get sued the next time someone orders sweetbread expecting chocolate cake.