In this blog, I will be debunking a few risk myths that are out there. I am sure you will recognize one or more.
Risk management is an analytical exercise where risks are plotted on a probability-impact matrix.
Sadly this is what risk management has become over the past decades. And Boeings disaster with the 737 Max, Wirecard’s embarrassing bankruptcy, Beirout’s tragical explosion, and most recently, the Covid-19 crisis show us that risk management must drastically transform. Risk management was ruled by the slow & one-dimensional logic of analytics and calculations. Anno 2021 most environments benefit from a more modern risk management approach where information and data from models are complemented with the insights from people. Most risks and opportunities are born in the field, not on an Excel sheet. And it are your frontline workers who are your ears and eyes of what happens in these frontlines.
Frontline people have always been relevant in early detection of risks and opportunities. Actively engaging them now, in a world more digital and less co-located, has never been more important.
Failure to detect early signals of uncertainty is costly.
The antidote is engaging and motivating the entire organization to quickly identify risks and opportunities as they surface, giving the organization the ability to make the right decisions at the right place and at the right time. Conversely, organizations that fail to embrace modern risk management will likely be overwhelmed as the pace of change accelerates further.
Risk management must be done by risk managers through risk assessments and -workshops.
What a fairy-tale. Risks don’t rest, and opportunities don’t wait. And so shouldn’t your risk management practices. Risk managers are often men and women in grey suits based from headquarters. The Covid-19 crisis has further increased their distance to the frontlines as most of them work from their home offices. Although they (often) work with (more) sophisticated tools and technology (than Excel), they can’t be expected to be an always-on radar scanning the emergence of risks and opportunities at all levels of the organization.
Right now, we see leaders making all their employees risk-manager. We see them wanting to monitor the actual level of risk and opportunity. Not a static picture of what that looked like during the risk-workshop; that was already outdated the moment they stepped out of the door.
I see many leaders wanting to crowdsource risks and opportunities, as it gives all employee’s the chance to speak up about the uncertainties they see as soon as they emerge. Giving them the ability to share their observations and knowledge through a simple declaration form, will stimulate the sharing of uncertainties, potential issues or simply anomalies seen. When cascaded out to subcontractors, suppliers, and customers: such tool’s potential impact is multiplied. This approach makes organization-wide sharing rewarding, easy and fun. It creates a 24/7 radar capturing every risk and opportunity relevant to your business goals.
Having a risk culture means avoiding risks.
The biggest myth of all! Most companies with a risk culture are likely taking more risk than less or prevent them. They are comfortable being uncomfortable and embrace risks. They can do that because of two main reasons. One: they see the threats and chances coming their way rather than being surprised by them. And two: they have more insight in the uncertainties. With that they can respond faster to early and even weak signals that informs them. They don’t need to predict the future; they are creating it.
Leaders who seek breakthrough results must embrace the uncomfortable truth: most risks and opportunities their organization will register in the coming year are already known by somebody in their organization today. Knowing these in their earliest stages gives leaders a head-start in response strategies. As William Gibson wrote:
“The future is already here, it’s just not evenly distributed yet”.
Risk management is so 2019.
Yes risk management as we knew it. The world moved on and so should the discipline of risk management. Most leaders that I speak with recognize that risk management was there to satisfy regulators. And these practices had no value beyond compliance. Now leaders want risk management to focus on better decision-making to get to business success. The purpose of risk management must go beyond just compliance. The ‘why’ of risk management is having people make better decisions and so contribute to business success. Not compliance. That is just a tick in the box on the ‘how’.
To make a real impact, risk management must be integrated with organizational effectiveness, but little has been done so far to connect these two worlds - and this must change.
Risk management in the decade ahead requires a bold, new approach that integrates organizational effectiveness with their human resources. Leaders who wish to create a new level of performance in their organizations need a risk culture that includes all workers in the organization.
Risk management practices must ensure that the right people see risks and opportunities at the right time, enabling teams to act with skill and confidence and extend the boundaries of what is possible in their response strategies. That is how an organization builds resilience and remains relevant in the decade ahead.