Skills shortages, caused by a failure to fill vacancies. A drop in currency value caused by market uncertainty post-Brexit. Fines and financial risk caused by a failure to comply with regulations.
Risk is inherent in everything we do. After all, whole industries such as insurance and gambling are founded on the management of risk. Because of its evolutionary nature, levels of risk can change, as can our perceptions of it.
Biggest operational risks
A global C-level survey identified the biggest operational risks facing companies, and many of the biggest concerns relate to compliance:
- Pandemic related policy and regulation on business performance
- Complying with data privacy laws
- Inability to deal with cyber-threats
- Regulatory change and scrutiny on operational resilience, products and services
The other major concerns all fall under the banner of external forces. Whilst you may struggle to control these, you can certainly mitigate against them.
- Economic conditions
- Pandemic related market conditions on demand
- Adoption of new technologies requiring new skills in short supply
- Leadership succession challenges and ability to attract and retain top talent
- Resistance to cultural changes may restrict the need to make necessary adjustments to the business model and core operations
- Inability to compete with ‘born digital’ competitors
In the corporate world, risk management involves understanding and analysing risk to ensure organisations meet their objectives. So how can you improve risk management in your company?
10 top tips on how to improve risk management
1. Be clear about your remit
Any gaps in responsibilities across your business present an increased opportunity for risk. Ensure that everyone knows exactly what part of the business and what activities and tasks they are responsible for.
2. Identify risks early on
It’s never too soon to start thinking about risk. The sooner you do this, the easier it will be to manage the risk. Think about risk management at the start of every project or task. What Early Warning Indicators (EWIs) can we track for different risks? Risk management should be embedded into all of your work processes and corporate culture.
3. Be positive
Not all risks are negatives, so don’t only focus on the downsides. Risks can also be positive, presenting opportunities and enabling us to take advantage of a given event or situation.
4. Describe risk appropriately
As part of the risk assessment process, it is good practice to create a risk ‘string’, distinguishing between cause and effect.
5. Estimate and prioritise risk
Use a risk matrix to assess and prioritise all known risks. You can calculate the severity of risk by looking at both the probability (likelihood) and impact (severity).
6. Take responsibility and ownership
If you see something is wrong, such as a potential safety issue, suspected fraud, or security breaches, take responsibility rather than waiting for someone else to sort the problem out. Risk management works best when everyone is empowered to speak out and take action.
7. Learn from past mistakes
Use historical data and anecdotes to learn from past mistakes and ensure they are never repeated.
8. Use appropriate strategies to manage risk
Use the 4Ts model to decide how best to manage risk. This involves:
- Transferring risk – Assigning an individual, group or third party to be responsible for the risk.
- Tolerating risk – No action is taken to mitigate or reduce risk (it still needs to be monitored).
- Treating risk – Controlling risk through actions that reduce the likelihood of the risk occurring or minimise its impact before its occurrence.
- Terminating risk – Altering processes or practices to eliminate risk.
9. Document all risks in a risk register
By capturing all risks across the company, you will see the bigger picture of your entire risk exposure, which will improve your information sharing and accountability. Remember to document who is responsible for what and appoint a risk owner too.
10. Keep monitoring & reviewing
The level of risk we face is continually changing, with new risks emerging and others becoming less critical.
By being proactive and regularly monitoring your exposure, you will be ready to act when the time comes. So it is important to have a risk management process in place.
Part of that process requires risk management training, not just for management but all employees. Staff need to learn how to recognise what constitutes risk so that they can contribute towards risk management.
