A measurable approach for risk justification of explicit and tacit knowledge assessment

Knowledge has become a central organizing principle in society to the extent that knowledge management has become a mainstream activity in organizations. Nevertheless, knowledge-related risks remain relatively neglected in the risk management domain. Whilst knowledge reduces uncertainty and the associated risks, the increased knowledge intensity in organizations also represents a risk factor that has to be assessed. The paper describes and validates an organizational risk assessment approach that considers knowledge-related and knowledge management risks in an integrated manner. The approach makes it possible to calculate risk ratings in terms of vulnerability and likelihood for 50 threats to all activities and phases of the knowledge life cycle. These risk ratings are plotted against 24 potential risks in the human, organizational, and technical domains. To impress on management the significance of these knowledge-related risks, the risk ratings are transformed to approximated financial figures. The approach is applied to 10 Slovenian organizations, two of which are discussed in detail in the paper, to demonstrate that it can be successfully used in a wide variety of organizations. It is concluded that the approach offers a way to assess both knowledge-related and knowledge-management-related risks, that the costs that individual risks potentially hold can be approximated, and that for a diversity of organizations mitigation strategies can be suggested for the identified risks.