There is not one organisation that can afford to ignore risk. We must plan for the possibility of things going wrong. Whether risk comes from environmental threats such as floods and fires, human-based threats such as workplace violence or cyber-attacks, or health threats – as the world has recently learned through the global pandemic.
The thing about planning for risk is that it can make us fixate on potential threats. To protect what we value most, we can become so worried about the things that might happen that we introduce systems of protection, that are themselves sources of risk. The introduction of processes to reduce risk or human errors, can create overhead that slow down our businesses. Not to mention frustrate our employees and even create a culture of suspicion and mistrust. At times this can been seen to cause more harm than the original threats we hoped to protect ourselves against.
What are you really achieving through risk management?
Even with our best of intentions and our decisions to provide structure and control to reduce the effects of certain types of risks, we find ourselves being exposed to other types of risks through this process.
One of those risks is ‘disengagement’. Many executives’ associate disengagement with productivity and don’t consider the risk exposure. When employees are disengaged, they are at best satisfied with the bare minimum level of productivity and focus. Which is why statistic shared from Gallup’s recent State of the Global Workplace: 2021 Report, that 80% of workers are not engaged or are actively disengaged, is incredibly concerning.
When it comes to disengaged employees in the context of risk, there are three concerns:
- Lack of attention leads to errors, and ‘unintentional’ insider threats which is the most common type, making up two-thirds of incidents.
- A lack of situational awareness, they don’t even see there is a risk.
- A low ‘care factor’ if they do identify a threat or vulnerability, they see it as “someone else’s problem.”
This is why disengagement is so important and why you need to take a person-centric approach to reduce your organisational risk profile.
We need more than a traditional approach
There are many global risk management standards that provide organisations with a structure, to help them understand the types of vulnerabilities and threats they need to protect against. These Standards provide frameworks and processes to manage risk, but as they are not designed with people at the centre.
Risk management is more than processes and systems, it is an artform that centres around your people.
Because here’s the thing. When it comes to executing the organisation’s risk management plan, who is really executing? It is your people.
It is no longer with the original handful of decision makers who created the plan. The plan execution now delegated to others within the business. Managers may play a part, but the real responsibility for the execution and day-to-day management of risk, is your employees. Which is why it is imperative to have an engaged workforce and avoid the three concerns relating to disengagement.
The Royal Commission’s findings within the Finance Services sector highlighted that accountability resides at the top. It is senior executives that are accountable for the poor behaviour, decisions, and actions/inactions of all of their employees and the systems within their organisation. This drives home the importance of understanding why organisational risk starts and ends with your people. That the organisation will win or lose as a team when it comes to managing risk. That there are heavy costs for the organisation, and personally, in penalties and reputational damage when getting this wrong.
A change in perspective is needed
It is time to rethink how we approach managing risk and to ask the question, how do the processes, policies, procedures, and technology affect our employees? After all, they are the ones who interact and navigate challenges with your work environment. Does your organisation’s risk management strategy help and support them to be successful? Or does impede their ability to perform their fundamental roles? Are some employees getting creative to find work arounds to be successful? The answer to the question plays a factor in your organisational risk profile. So, it is certainly worth asking the question.
If your efforts are impeding employees, this can lead to disengagement. Often disengagement comes from a lack of connection to the business, its purpose, or a lack of trust with leadership, or not feeling valued and heard.
Look through the lens of your people, truly understanding their needs to create a connection and alignment between employees and the organisation. This will allow employees to find their sense of contribution, meaning and motivation to protect your organisation.
It is only by focusing on risk with and through your people, that are you going to truly solve your organisational risk exposure and drive transformational change.
If you would like to talk more about how to move forward with a people-centre approach to your risk management strategy, book in for a discovery call here. We are here to help.
This article first appeared online GovernanceInstitute.com.au website.