It’s funny how everyone wants a great strategy but not everybody wants to deal with the risk of achieving the strategy. I think it is because the following statement is true:
“Risk management is good management.”
Hence most of us will think and sometimes say, “Doing my job is managing risk”. And most of us think we are doing our job pretty well so there’s no need to change, right?
The answer you are most likely to give me is that “We can always get better”. So why do so many people not spend some time thinking about the uncertainty around getting their job done and making sure that great strategy stays great?
The answer is because the risk profession has not delivered them sufficient value. They have probably experienced risk speak, complex risk registers and resource draining tick-the-box compliance processes. They haven’t had a valuable conversation about managing uncertainty in a way that is not overly burdensome and delivers instant results because of the picture they can now see in front of them.
Last week I pointed out that organisations are wasting valuable resources on ineffective risk processes. And the business knows it and puts up with it but also resists it. The result is that risk people feel like they are talking to a brick wall.
If your organisation resembles these remarks, please do yourself a favour and break the cycle. Here are a few tips:
- Don’t have risk registers. Rate the risk of each of the organisation’s, business unit’s or project’s performance objectives. You will still capture everything that was in the risk registers, except now it will be more meaningful for management.
- Don’t write a bland and boring risk appetite statement. If you need one, write one that answers the question for middle management of “How much appetite do we as an organisation have for…?”
- Don’t have risk processes. Have processes within standard business processes to enhance decision making.