Many businesses say they do risk management, but when you look more deeply into what they do, it’s a spreadsheet of possible business risks, updated quarterly.
This is a start. But in order to operate competitively today, risk management needs to be high on your organization’s agenda, and embedded in the fabric of how teams work.
Project and business risk is a huge factor for organizations who want to lead in their industries. And the good news is, that there are lots of reasons why risk management is something your board should be taking seriously. If you are having conversations with people about how to get risk on the agenda, you can use these 5 reasons why your business needs risk management to get their attention.
1. For compliance
Let’s start with the most obvious reason why risk management matters to executive teams – and the rest of the business. Risk management gives you the opportunity to comply with mandatory requirements and regulations.
If you are a client-driven organization, you’ll often find that clients mandate you take certain steps or follow certain regulations in order to work with them. If that’s in your contract, you had better have a way of fulfilling the obligation. A risk management approach gives clients – and regulatory bodies – confidence that you are capable of meeting your contractual and regulatory requirements.
2. For assurance
You don’t just do risk management because it helps you comply with something. It also serves a valuable purpose within your business to assure your executive management teams and shareholders that you are doing the right thing.
Your business might have a risk committee that meets as a subset of the executive committee specifically to discuss and manage business risk. This group of directors can shape the risk process.
If you aren’t sure where to start, a risk management maturity assessment will enable you to find out how robust your current risk practices are. Then you can start identifying what steps to take to build out a better capability across the organization. This process of continuous improvement will also provide assurance and confidence that you are managing enterprise risk in a sensible and controlled way.
3. For decision making
Taking business decisions can be risky. Have you got all the right information before you take the decision? While it might be tempting to dive straight in, it’s better to have a risk management approach that is considered and baked into decision making.
Look at the risks involved in making the decision, along with the resources, benefits and everything else you’re weighing up. When you can say you’ve adequately investigated and assessed the risks, you are going into that decision with more information. You might take a different decision because of the risk information, for example, adding in extra steps for risk mitigation, or other activities you want to do in parallel to help offset any risk from taking the decision.
As you grow in risk maturity, you can build modelling tools into your decision making framework. These will help you see what the future might be like if a decision was taken, or if a risk happened.
You want a balance – your business shouldn’t be paused while you gather reams of risk and related information before making a decision. So a slick, integrated risk management process helps get your managers the information they need as and when they need it, without slowing your business down.
4. For efficiency
All processes and business activities involve a certain element of risk, some more so than others. By understanding the risk inherent in your operations, you can be more efficient. You can address risk where you see it, and build in continuous improvements to make things faster, without adding extra risk.
For example, you might want to streamline a process to improve efficiency and throughput time. A risk assessment will help you understand the impact of that. You might be able to cut 10 minutes out of the process but introduce a level of risk that is unacceptable. If you make a different change and cut 8 minutes from the throughput time, you can stay within a level of risk that the business will tolerate.
That’s a simple example, and many improvements have far more variables to consider than that. But it gives you an idea of how having risk information can help you make the efficiency changes that are right for you.
5. For effectiveness
It’s not enough to be efficient. You also have to be effective. Otherwise you might be very fast and slick at processes that don’t actually add any value to the way you want your operations to run. You have to be capable of delivering projects, services and operations in a way that meets the needs of your clients, customers and staff.
Risk management has a part to play here too as it can help you identify where risk is stopping you from being effective in reaching the outcomes you desire. As part of your risk identification work, take a look at your operations and get in a room with people who do different parts of the job. Talk to them about what they do and how effective they are at doing it.
Sometimes you’ll uncover situations that are relatively easy to change. Let’s take the example of a workplace that has one-size-fits-all protective clothing. Smaller people, typically women, find it harder to work while wearing the protective clothing as it isn’t a suitable fit. An effectiveness change, while still dealing with the risk, would be to improve the range of protective clothing available to all staff. This should also remove the risk that some staff members choose to work without the protective clothing at all because it is difficult to move in.
Asking the right questions and talking to the right people has allowed this (fictional) workplace to improve effectiveness while managing the risk at an appropriate level, and hopefully improving staff morale in the process.
Ultimately, risk management is something that grows with your business. You might start off with that spreadsheet, and move on to embedding deeper and deeper risk maturity in the way operational and project teams work. That’s fine – risk management, like much else in business – is a journey. With the right tools and the right attitude, you can make a real difference.