The importance of getting risk management right means that it is the source of anxiety, and even fear, for those tasked with managing it. Getting it wrong can mean harm to organisational assets – or its reputation.
It can lead to harm to employees or customers, including physical, psychological and emotional damage. For senior executes accountable for risk management, getting it wrong can also damage personal reputations, ending careers, which was evident in the Royal Commission’s findings within the Finance Services sector.
It’s because of these high stakes that emotional, reactive and downright dangerous decisions are common in risk management. I have seen this first-hand when working with companies who find themselves lost in a labyrinth of confusing solutions. So today we are going to give some perspective by debunking three common myths:
- Risk is complex
- Systems before people
- One or the other
Risk is complex
Risk can appear complex. Why?
Risk has generated a multibillion-dollar risk management industry, though all too often this industry trades on smoke and mirrors. Concerned decision-makers are sold solutions that are not adequately explained or customised or, worse, exaggerate threats to encourage leaders to make decisions out of fear.
And what does fear stand for? False Evidence Appearing Real (FEAR).
Risk and risk formulas are quite straight forward but the language used often confuses people. Risk should be viewed in a pragmatic way and with common-sense. Risk after all is defined as the “effect of uncertainty on objectives” and risk management as the “coordinated activities to direct and control an organisation with regard to risk”. So, when you peel back the layers, risk management is about decisions and actions (or inactions).
Regardless of how complex your risk situation, it is ‘people’ that take a pragmatic process and make it more complicated. We are all different in our thinking, values, approach and risk appetite.
To do better, it is important to demystify and simplify risk. Use common language, common sense, and remove fear. Risk today requires a mindset shift.
Systems before people
Organisations are drawn to reduce costs while finding efficiencies, which makes systems and technologies appealing. These also appeal to people aiming to protect assets deemed as valuable or important. It is with our best intentions that we turn to systems, though without care we can find ourselves creating and exposing the organisation to other types of risks.
Relying heavily on systems and technology can bring short-term gains, but some can end up being band-aids – superficial solutions that not only impact negatively on employees and the organisation, but also result in unnecessary expenditure.
Your people are in every corner of your business. They are communicating with customers and working intimately with every process and technology. If your systems and approaches don’t support your people, or impedes their ability to perform their job function, they can become frustrated. Worse, they can find creative work arounds to complete tasks, leaving your business exposed.
Systems should be designed and implemented with people in mind, at the centre, as systems are supposed to be part of our “tools of trade”. Maximise all your assets cohesively to get the best return, by ensuring your approach is ‘people before systems’. It is about equipping your people.
One or the Other
When it comes to exploring a new Risk Management Framework, you may think you have to replace the current one. That you must start all over again and have “one or the other”. That is not the case.
Here’s the thing, you need to make sure your risk management strategy is relevant and reflects your business, your business identity. No two organisations are the same. Each business is unique regardless of similarities of your industry.
The risk management frameworks of many organisations are ‘tick box’ focused. Some still leave gaps around risk and others conflict with the organisational values.
This is why stepping back is so important to ensure you know your destination. You may need to blend risk management frameworks to gain the outcome required to support the business risk management strategy and the organisation’s identity.
To move forward we need to bust the myths. There is a mindset shift required around risk management because all paths for a successful risk management strategy are dependent on your people. The real responsibility, the execution and day-to-day management of risk, is by your people. You will either win together or lose together. So, it worth asking the question, do you have a person-centred risk management strategy?
Your secret weapon is your people.
If you would like to talk more about how to move forward with a people-centre approach to your risk management strategy, book in for a discovery call here. I would love to help.
This article first appeared online First5000.com.au website.