Risk management processes: discipline for pragmatic managers
- Risk management
April 16, 2021 |
3 min read
- Risk management
As a result of the Covid-19 pandemic many enterprises went digital overnight, which caused a lot of pain for some.
This prompted a heightened demand for maturity assessments as companies struggled with governance of new operating models and ultimately led to wider conversations about risk. A pandemic might have been on their risk register but wasn’t perceived as important (or likely) enough to have a clear risk response.
Therefore, leaders are now looking more closely at risk management and how to embed it into corporate culture. And this has resulted in a major influx of requirements for risk management courses based on M_o_R® (Management of Risk) best practice.
I anticipate an explosion in uptake of risk management best practice like M_o_R as companies decide how to improve how they handle uncertainty, ambiguity and make it part of their DNA.
Having risk management knowledge backed up by best practice certification will, I believe, be important for people currently on the job market or hoping to advance in their current role.
Historical risk management performance
When I first certified in M_o_R, I went back to work enthused. But after enquiring about the company’s risk strategy, the response was: “we insure against what we can and deal with everything else as it comes up.”
This meant the risk register wasn’t actively managed or reviewed and people were paying lip service to risk management in projects and programmes, for example not using risk logs consistently throughout the lifecycle of change initiatives.
Risk management was treated as a tick-box exercise without discipline or engaging the wider company with the concept of risk. Having such gaps at both a strategic and delivery level showed me how “winging it” is not a sustainable approach to risk.
The pandemic’s impacts on poor risk management
Taking a relaxed attitude to risk management is bad enough in normal times. In the pandemic, it’s made organizations even more exposed.
For example, many leaders were simply not prepared to lead and manage a remote workforce. The sudden need for new, remote working technology and systems created risks around data sharing and how to engage with customers, partners and employees.
In many instances, companies expected people to learn new ways of working and applications without being taught. The pressure of this, coupled with the effects of feeling isolated and juggling home schooling for children, has harmed people’s mental health.
These experiences have highlighted the need for new discipline in risk management, with planning that happens not annually but at least quarterly in response to the speed of change.
Addressing risk with best practice – M_o_R
For companies seeking risk management knowledge, best practice such as M_o_R give them a clear view of the processes and techniques they need.
For example, that can include approaches like PESTLE and SWOT to assess risk followed by guidance on how to plan and implement processes throughout the life of projects and programmes.
It ensures people understand risk thresholds in their organization, i.e. at what point do you treat something as an issue, create a response or ignore it? In one example, a company treated risks on its risk log as either open or closed, rather than indicating what needed a response or required a plan B. Instead, the techniques in M_o_R provide a perspective on risk, the ability to assess it and plan a response.
Essentially, it’s about making risk management part of the day job and recognizing what’s keeping you up at night.
Make a choice: be pragmatic or panic
One important thing the past year has taught us about the VUCA view of the world (volatile, uncertain, complex, ambiguous), is that it’s true.
But organizations and their leaders can make a choice about how to respond: either be pragmatic, or panic.
So, do you want to feel this level of pain again or take risk management seriously as a strategic discipline to deal with the unexpected?