Implementing & Embedding Risk Management

Top tips for implementing and embedding risk management

Management buy-in

Gaining senior management buy-in for implementing and embedding a risk management programme is crucial. If management is onboard and understands the importance of risk management and how it can affect the overall business performance. This will help instil new processes and practices to ensure everyone has a risk focus. Talking about risk at a strategic level is a great way to do this.

Risk management Training

Creating a network of risk coordinators or champions will help filter the risk message throughout the organisation. This will aid the success of embedding risk management. Risk management may not have been conducted or even been considered by many people within your organisation before. It is important that training is provided to guide people through the process of identifying, monitoring and mitigating risks. The information gained should be used to make informed business decisions. Another important facet of this network is the ability for the organisation to retain invaluable knowledge should someone leave. Too often, great work in rising ERM up the agenda is lost when a vital member of staff is lost – good knowledge transfer and hand over is key.

Promote risk management as a management tool

Leading by example will assist with embedding change. If you can establish one area, department or project that can make positive use of risk management then they will be able to help you promote their successes to the rest of the organisation. Allowing real life examples to be demonstrated is powerful. For example: If a local council’s objective is to reduce the number of pothole claims it receives by 20% this year, understanding what circumstances would stop this objective being met is of paramount importance. Perhaps staff shortage, bad weather, lack of equipment and lack of budget for repairs for example. It then stands a greater chance of meeting the objective as it can look to mitigate these problems.

Use an analytical approach to risk management

One of our clients has revamped its reporting and visuals to demonstrate the changes to their risk profile rather than simply displaying a detailed risk register in front of its managers. Gaining a deeper understanding enables discussions to be had on different perceptions of risk and effective controls that can be shared across the organisation. Ensuring the reports that you provide to management are valuable will ensure that they become reliant on the information you provide. This will in turn improve the perception and value of risk management within your organisation.

Organisation wide risk responsibility

All managers who are responsible for a business goal should be responsible for the risk management associated with that goal, as well as the overall attainment of the objective. This ensures that risk management is practiced on a companywide level and creates a risk culture throughout the organisation. The manager responsible for reducing pothole claims for example, will be tracking with interest as claims are submitted. They will be making informed decisions about the amount of money they spend in order to fix the highways and reduce the overall number of claims, perhaps hiring new staff or using contractors as required to mitigate a potential staff shortage for example.

Additional performance indicator

Including positive risk behaviour into personnel reveiws will ensure that employees maintain focussed on risk management.

Risk culture

Creating a risk culture will take some time but ensuring an environment where people can talk openly about any issues or problems they are experiencing will help to embed a risk culture across an organisation. If everyone is aware of any problems, then there is a greater opportunity to rectify them. An important part of risk management is to learn from previous failings. Having the appropriate mechanism in place to discuss lessons learned in a positive and educational manner is essential to avoid repeating the same issues.

Money Talks

As the old saying goes, money talks. Demonstrating that the omission of conducting risk management will be financially detrimental to the business will help gain buy-in from the business.

Risk software

Using a centralised risk management tool that links all risks back to the company’s strategic objectives gives great visibility of risk management to all employees across the business. Running reports from the software, provides valuable information quickly and easily. This is essential when making business critical decisions. A centralised system makes auditing easy. When challenged, personnel can very quickly identify that risk had been considered and actions put in place.

JCAD_Implementing Risk Management