How can good risk management generate added value for the organization?

Author: Manu Steens

In this contribution I write my own opinion, not that of any organization.

A first way of generating added value through risk management is by ‘clearing the road ahead of obstacles’. This applies to processes and projects, operational, tactical, and strategic and at all layers of the hierarchy.

By achieving successes and paying attention to them, self-confidence increases. The experience gained will make it easier next time. This self-confidence paves the way to trust in others and to a culture of greater interpersonal safety. People automatically work better together. Also in areas other than safety.

By also tackling opportunities with risk management techniques, such as a SWOT with a confrontation matrix, the chance of success of focusing on positive side effects of projects and processes increases. It does this by identifying the weaknesses that could be an obstacle to the opportunity. You then use measures to transform this into a strength so that the opportunity succeeds. An additional effect is that the strength gained makes the organization more resilient.

By seeing risks in a responsible, organizational way as an opportunity to achieve profits. For example, by using production machines in such a way that they quickly switch between products when demand increases. For example, some manufacturers quickly switched from diapers to masks during COVID-19.

By implementing the philosophy of ‘ build back better ‘ in a new normal, after materializing a risk and dealing with the associated crisis. ‘ Build back better ‘ does not just mean using better quality materials. It also means adapting processes to the new situation. After all, a crisis is like a phase transition from the old normal to the new normal. The rules of the game are sometimes significantly different. And it is best not to decide too quickly that the new normal is known. After all, after the ‘right to work from home’, a new movement of ‘right to go to the office’ emerged. For the benefit of social contacts. The truth will probably lie somewhere in the middle.

Don’t look too much for costs/benefits in financial numbers. ‘ Return on Investment ‘ (ROI) and ‘ Return on Security Investment ‘ (ROSI) are often incomplete or incalculable. On the other hand, ‘ Value on Investment ‘ (VOI) is comprehensible if we replace the I of ‘ Investment ‘ with other concepts that start with an ‘I’:

  • Information —The risk assessment offers timely and relevant information that employees can use (e.g., awareness raising, contributions to organizational newsletters, publications in company magazine, blogs, updates on problems and results).
  • Initiative —CROs who take a stand on issues and ensure their voice is heard on the process adopted by the sponsor and process manager before decisions are made, can trigger initiatives.
  • Impact —CRO initiatives create an impact that benefits the organizations themselves and the customers they serve.
  • Influence —Because the CRO proactively monitors the organization and acts where necessary, they are seen as one of the influential roles in the organization. Does this help create risk awareness and the infiltration of risk-driven behavior?
  • Interaction —The CRO offers employees the opportunity to connect with like-minded people, share information and best practices too to learn about risk management (and therefore this is also awareness building).
  • Instruction —The CRO offers timely, process-specific, and cost-effective solutions thanks to the cooperation of the process owner process managers can improve their processes, continue to comply with the rules and build a good reputation and image for their team and themselves within the organization.
  • Insights —Process and project managers and sponsors acquire valuable knowledge, best practices and learning from the CRO. (For example, between similar processes or projects.)
  • Integration —Process and project managers can apply what they learn from the CRO within their own team to reach their new goals .

Finally, there is the clincher among the benefits: you score on the next safety audit. This cannot be underestimated.

Knowing such added values encourages many people to adjust their behavior in a risk-conscious and risk-driven manner.

Tips that indirectly support added value:

  • As a risk manager you never ‘graduated’. It requires a 360° view of the environment and a good knowledge of the interfaces of several types of sciences. Continue reading up on relevant new topics. Be a ‘ pracademic ‘. Not a pure ‘ academic ‘. Apply newly learned things. Keep track of what works and remember what doesn’t work and why.
  • Promote a strong diversity of skills and interests within the CRO team. Even art sciences should be welcome. The aim is to look at every risk or problem with the broadest possible 360° view. Involve as much diversity as possible in the risk management team. This also applies to gender, cultural background, age, basic education, etc.
  • Use the 80/20 rule: because 80% of the problems can be solved with 20% of the resources. Risk communication prevents many problems and is cheap. Don’t overdo it with sending messages, because then no one will read them anymore.
  • Talk to the entire C-suite. Their concerns are a large part of the risks of the ‘internal situation’. Listen to their ideas. Explore their risk needs.
  • Know the objectives of the organization. Many strategic risks depend on this.
  • Know the organization’s near and far environment. Because this is essential to recognize strategic risks in a timely manner.
  • Develop a strong bond with the internal communications professional. He knows the best communication channels for target groups and how to optimally communicate certain messages. Even in times of crisis.
  • Know the cultural intricacies of the people in your organization. Develop a strong cultural sense. Also know the organizational culture. Know how they influence each other.
  • Measuring is knowing: this idea is not outdated. However, parts of the foregoing are about sensing during discussions rather than measuring. It is best to keep your finger on the pulse in both ways. Keep talking to stakeholders. In addition, continue to monitor the measurable matters.
  • Know and talk to external stakeholders. Knowing their needs is essential. To this end, prepare a stakeholder analysis.
  • Keep the risk cycle (PDCA cycle) going.
  • Adopt an ‘open attitude’.
  • Pay attention to issues, problems, risks, crises of other organizations. And from other sectors.
  • Follow multiple independent news media. Listen to diverse opinions on issues.
  • Talk to the employees. Know what is going on in the organization as well as in the environment.
  • Get camera training. Master communication techniques thoroughly. Pay attention to others. Much, if not everything, depends on their goodwill.
  • Believe in your colleagues. Believe in yourself. Have passion.

Manu Steens

Manu works at the Flemish Government in risk management and Business Continuity Management. On this website, he shares his own opinions regarding these and related fields. Since 2012, he has been working at the Crisis Centre of the Flemish Government (CCVO), where he has progressed in BCM, risk management, and crisis management. Since August 2021, he has been a knowledge worker for the CCVO. As of January 2024, he works at the Department of Chancellery and Foreign Affairs of the Flemish Government. Here, he combines BCM, risk management, and crisis management to create a tailored form of resilience management to meet the needs of the Flemish Government.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts