Do we manage risk effectively?
Part # 1 of 6
Everyone knows that it is important to manage risk. Everyone knows that, don’t they? From feedback in industry, that obvious truth is not clear to everyone. The very concept of risk is at best poorly understood.
Risk is simply the threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through pre-emptive action. So obviously, risk is managed to prevent loss, injury and other negative consequences of a threat to the organisation.
The concept of loss and injury is generally understood to a greater or lesser degree. It is around “other negative occurrences” that a gap exists. These occurrences include financial loss, reputation damage and even closure of the organisation or business.
If an organisation is only managing one or two sources of risk, it is not managing its risk effectively. Risk management covers every aspect of an organisations activities.
Are you managing your risk effectively? Take a moment to consider the answer.
Are traditional methods of managing risk doing their job?
Part # 2 of 6
The methodology of risk management management risk in industry has not changed significantly, with some outstanding exceptions, in the last 50 or 60 years. Whilst new buzz words and clever schemes come and go, the essence has remained essentially unchanged.
We tend to stick to the path most travelled: Appoint one or more people to be the safety department, who will then implement systems to try and ensure legal compliance and minimise the risk of injury and loss. These systems are then passed on to those on the coal face for implementation and compliance. There is generally a serious conceptual gap between the developers of risk management systems and those who are supposed to implement and use them. Poor communication, awareness and understanding lead in all too many cases, to a low-key war between the Enforcers (Safety, Quality, etc.) and the doers – the work force at large.
This aspect of the traditional management of risk leads to a degradation of the risk management function.
How traditional is your risk management?
People and systems!
Part # 3 of 6
The most important part of any business is the people who do the work. Without them, there is no business. Systems and procedures are written to assist the people to achieve their objectives with the minimal exposure of themselves to personal or business loss.
Sadly however, all too often the tail wags the dog. It is forgotten that systems are provided to assist people, and the systems and procedures become an end in and of themselves.
A system without people is as much use as a business without people.
All systems should be developed with the people who need to use it. They, after all, know their jobs, whilst all to often the developers of systems don’t know what happens on the factory floor.
The answer to this separation is actually quite simple, and consists of three words: Engagement, involvement and training.
Are your people engaged, involved and trained in the management of your risk?
Why do we measure what we measure and does it add value?
Part # 4 of 6
At every board or management meeting across the country, someone presents last months risk statistics. The lost time injury rate is beautifully graphed, the number of quality non-conformances are meticulously listed, and health incidents are detailed. Some organisations even have projected trends available. Everyone looks at the numbers, and unless there is a serious incident or failure, agrees that everything went well LAST month, and the meeting moves on.
This can be referred to as the feel-good phase of the meeting. Everything looks good. We are managing our risk well.
Using last months statistics to evaluate the present state of the risk management function is a bit like driving down the highway, using your rear-view mirror to navigate. It’s a dangerous game, indeed. The absence of incidents does not imply the presence of effective risk management in the organisation.
Lagging indicators are only useful for a very limited moment in time. If a forward looking and pro-active philosophy is not the norm, you are driving recklessly.
Are you driving using the rear-view mirror?
Why train your people?
Part # 5 of 6
Well, because the law says we should? Yes, it does indeed. But training should be much more than just the bare minimum prescribed by law.
Training is the process of equipping people with the skills and understanding to do their jobs more effectively, to understand the environment in which they work and to empower them. Effective training covers the subject matter by challenging the trainees to participate, to question and challenge. If your delegate to a training course is snoozing in the back row, several things have happened.
In the first instance, you have been robbed. Secondly, a considerable risk has been created through a person being accredited with the knowledge to do a task, whilst in actual fact he or she has learned nothing.
Always ensure that your people are getting effective training, to the point of attending training yourself.
You may be surprised what you learn.
Part # 6 of 6
How often haven’t we all seen some corporate slogans or talking heads spouting the cliched phrase “Safety is our first priority”? And have not all at one time thought to ourselves, yeah right?
Good, coherent and sustainable risk management requires the participation of everyone, from the Managing Director to the Beverages Manager. South African society has always emphasised conformance and not challenging the status quo, to the detriment of the general wellbeing of the whole of society.
The same culture applies in many organisations.
To optimise your risk management programs, encourage everyone to get with the program, and say something! Don’t be the one who walks past a risky situation, says nothing but nods wisely when the cliched phrase is trotted out.