Taking on risk
Posted 04 May 17 by Ken Weldin
Recently I presented to a group of leading CFOs at the CFO Summit in the Gold Coast and at a Governance and Risk Masterclass held by the Governance Institute of Australia in Melbourne. In both sessions, a key theme was what effective and contemporary risk management looks like in today’s environment.
From these sessions and the wide ranging discussions which followed them, a number of thinking points came up:
Thinking Point 1: Be comfortable dealing with uncertainty
Risk is concerned with:
- How you make decisions
- How you allow those around you to make decisions
- Importantly in the context of change
Change is a key theme because if things didn’t change, then life would be a whole lot easier. Decisions could be taken with more certainty for example and we would have a totally different perception of risk.
Thinking Point 2: Be alert to what culture you are developing
Think about the risk efforts in your company:
- Do they largely concern themselves with stopping something from happening?
- Or do they provide guidance or guidelines setting out how to do something?
- Or do they do both?
When viewed in this way, approaching risk in terms of opportunities and looking at the upside as well as the downside, risk efforts can start to have an empowering impact.
Workplaces with high health and safety risks will focus a lot of energy stopping ‘bad’ things from happening. Those on the other hand, say biotechs or companies with a strong research and development focus want something ‘new’ or ‘different’ to happen.
You can see therefore that risk efforts aimed at ‘stopping’ something from happening as well as risk efforts that encourage you to ‘do’ something unavoidably start to influence culture.
What culture do you have? Have you fostered a ’start’ or a ‘stop’ mindset?
Thinking Point 3: Be prepared to ask the question: ‘We don’t do that…do we?’
It doesn’t take long to think of other organisations who have found themselves on the wrong side of a risk management failure. Some recent examples are global and involve technological/digital concerns (Volkswagen, Ashley Madison); some are more local with more traditional worries (7-11, Seven West Media, Dick Smith).
The key lesson from these and other failures is found in that word: lesson.
Look around, learn and find the lessons to translate into your company:
- What would be your equivalent of a cheat device?
- What would break your implicit promise to your customer?
- Why are you sure that could never happen to you?
Thinking Point 4: Be open to the possibility that someone is telling you something you need to know
Looking at these high profile failures, I am drawn to the fact that you would be hard pushed to find an organisation that does not have an appropriate, reasonable or sensible 'tone from the top' messaging. Particularly when just about every entity will have a set of policies and procedures on culture, conduct and expectations.
Where things can begin to go wrong is when cultural drivers and pressures (intentional or otherwise) change how this is represented in the ‘tone in the middle’. What do your people know that they are not telling you? If they are telling you something, are you actually listening to the ‘moan in the middle?’
Similarly, what about the grass roots of your organisation? What is the ‘grumble at the ground’ telling you from the areas of your business dealing with the outside world, suppliers, customers, regulators etc.
It is this ‘transfer of intentions’ from the top to the middle to the ground of an organisation where messages can get confused, behaviours start to veer off track and in short, managing risk can become difficult.
Are you actively listening to those mumbles and groans?
Are there any other points for today’s leading risk functions?
I would love to know what you think.