Risk management processes: discipline for pragmatic managers

People discussing documents with charts on them

What is driving the increased demand for risk management processes in organizations?

As a result of the Covid-19 pandemic many enterprises went digital overnight, which caused a lot of pain for some.

This prompted a heightened demand for maturity assessments as companies struggled with governance of new operating models and ultimately led to wider conversations about risk. A pandemic might have been on their risk register but wasn’t perceived as important (or likely) enough to have a clear risk response.

Therefore, leaders are now looking more closely at risk management and how to embed it into corporate culture. And this has resulted in a major influx of requirements for risk management courses based on M_o_R® (Management of Risk) best practice.

I anticipate an explosion in uptake of risk management best practice like M_o_R as companies decide how to improve how they handle uncertainty, ambiguity and make it part of their DNA.

Having risk management knowledge backed up by best practice certification will, I believe, be important for people currently on the job market or hoping to advance in their current role.

Historical risk management performance

When I first certified in M_o_R, I went back to work enthused. But after enquiring about the company’s risk strategy, the response was: “we insure against what we can and deal with everything else as it comes up.”

This meant the risk register wasn’t actively managed or reviewed and people were paying lip service to risk management in projects and programmes, for example not using risk logs consistently throughout the lifecycle of change initiatives.

Risk management was treated as a tick-box exercise without discipline or engaging the wider company with the concept of risk. Having such gaps at both a strategic and delivery level showed me how “winging it” is not a sustainable approach to risk.

The pandemic’s impacts on poor risk management 

Taking a relaxed attitude to risk management is bad enough in normal times. In the pandemic, it’s made organizations even more exposed.

For example, many leaders were simply not prepared to lead and manage a remote workforce. The sudden need for new, remote working technology and systems created risks around data sharing and how to engage with customers, partners and employees.

In many instances, companies expected people to learn new ways of working and applications without being taught. The pressure of this, coupled with the effects of feeling isolated and juggling home schooling for children, has harmed people’s mental health.

These experiences have highlighted the need for new discipline in risk management, with planning that happens not annually but at least quarterly in response to the speed of change.

Addressing risk with best practice – M_o_R 

For companies seeking risk management knowledge, best practice such as M_o_R give them a clear view of the processes and techniques they need.

For example, that can include approaches like PESTLE and SWOT to assess risk followed by guidance on how to plan and implement processes throughout the life of projects and programmes.

It ensures people understand risk thresholds in their organization, i.e. at what point do you treat something as an issue, create a response or ignore it? In one example, a company treated risks on its risk log as either open or closed, rather than indicating what needed a response or required a plan B. Instead, the techniques in M_o_R provide a perspective on risk, the ability to assess it and plan a response.

Essentially, it’s about making risk management part of the day job and recognizing what’s keeping you up at night.

Make a choice: be pragmatic or panic

One important thing the past year has taught us about the VUCA view of the world (volatile, uncertain, complex, ambiguous), is that it’s true.

But organizations and their leaders can make a choice about how to respond: either be pragmatic, or panic.

So, do you want to feel this level of pain again or take risk management seriously as a strategic discipline to deal with the unexpected?

Current rating: 4.3 (4 ratings)

Comments

18 Apr 2021 Daniel Kevin Smith
Alternate text
Hi Emma

I agree effective risk management should be taken seriously by every company.

My personal opinion is with better risk management in place unforseen threats would be highlighted much quicker.

These threats often become the biggest issues as well for a project or programme.
21 Apr 2021 Ivo Vermeulen MA Prince2
Alternate text
Too often risk management is an after-thought in managing Programmes or Projects, and as you mentioned - insurance is taken for known risks, and the rest you "wing". The current (ongoing) crisis, creates a myriad of issues for organizations managing programmes where some have managed to turn those risks around and create new opportunities (winging it worked), there are surely many example where this crisis caused significant challenges to scope, schedule, cost and quality.
You must log in to post a comment. Log in