Recently I was running an education workshop for a group of 35 leaders from a financial services organisation. We looked at their risk culture survey results, their organisation’s value statements, the behaviours they see from staff and the behaviours they will need to portray as leader, to continue to build a strong culture of accountability for the management of risk.
What caught their attention the most was this slide, when I explained that risk management done well delivers a more agile organisation. One where staff are able to make better decisions, faster, within a sound understanding of the organisation’s appetite for risk.
I said to them that I used to say the purpose of enterprise risk management was to build resilience in an organisation. I then asked them: “What makes a small business resilient?”. They were a smart bunch, the second suggestion from the audience was “agility”. I replied: “Exactly, and that is what Risk Leadership delivers”.
I went on to say that Risk Leadership is not leadership by the risk function – although they play a pivotal role. It is about their leadership. I had their attention and from there the review of culture, values and behaviour was done with vigour.
Interestingly the case study we used during the workshop was one of their major IT projects which is being run with the Agile Methodology. My message to them… the Agile Methodology is a form of risk management. Yes, identify risks and put in a light governance model, but don’t overdo it and “throw the baby out with the bath water”. It is all about embracing uncertainty, not trying to control it with an iron fist.
For more on embracing uncertainty, I would encourage you to read my latest book Risky Business: How Successful Organisations Embrace Uncertainty, including my commentary on the Agile Methodology in the first chapter: An uncertain world.