Risk management reaps significant rewards when it focuses on supporting how you deliver your business’ core activities. Essentially, anything that undermines or distracts from this is a risk.
While we must focus on tackling external risks such as cyber security and political change, it’s surprising how often internal risks are the major factor holding your business back. Ignoring ineffective systems, processes or resource constraints can in itself becomes a risk. For example, you might lose key person at a critical time, while poor IT systems compromise productivity improvements.
Too often, we see internal risks solved on a tactical basis, rather than being treated strategically. To create lasting change, you need to take a holistic risk based approach to identify whether there is a deeper, more far-reaching problem in your company and work out a long lasting and cost-effective solution.
Identify where your business needs change
Risk management can help you identify the most beneficial areas where your business needs to change. This needs to go beyond prevailing cultures of periodic audits and 6 monthly reviews of the stale corporate risk register. Taking responsibility and ownership for risk from the top can move your business forward faster and leave you feeling in control. Examining business weaknesses, understanding the root causes of risk, and identifying proactive mitigation actions in a consistent way are all part of good risk management practice.
As soon as you understand what is holding the business back, you can work out a strategy for delivering the improvements that need to be made. For example, a construction company recently identified that the inadequacies of their CAD software tool was the most common risk to effective delivery for many of their projects. By investing in a new system, they could deliver more successful infrastructure projects, minimise customer compensation and drive better margins.
Build a framework for change
Establishing simple mechanisms for identifying, understanding and managing risks can really help businesses with a growth mind-set. You need to take a structured approach: agree a simple risk management process, decide who will be involved, assign responsibility and clarify accountability. With this kind of framework in place, you can start to explore the barriers to progressing as a company; making risk relevant to people’s everyday lives improves communication and engagement.
With a more joined-up approach to risk management, you can start to identify common, systemic risks across the organisation, as well as look ahead to the effect combinations of risks might have. So for example, a contract deliverable running late in one part of the business, coupled with a failed IT upgrade in another, could result in both financial penalty payments as well as wider reputational impacts.
This sort of risk aggregation requires not only a sound risk management framework; you also need a central risk capability to capture and provide real-time visibility of the risks across the organisation. This ensures that wherever risks arise from, they are brought together and viewed from a strategic perspective.
Lead with the right behaviours
If you want to drive business improvement, your business needs to recognise that identifying threats, opportunities and weaknesses is a good thing. This is a first step towards finding ways to do things better. Creating a culture of openness is vital to setting the tone, to ensure that the key blockers percolate to the top for management attention. Business support functions play an important role in this process, by providing a conduit to getting risks to the right level.
Success comes when you make sure you solve the right problems across the whole business. It’s about understanding the risks and recognising where to prioritise, to drive lasting, positive change. Engaging with risk proactively and holistically promotes positive and strategic business thinking, and will help drive that.