We have provided a series of posts describing how to begin a risk management program. Get commitment from the top. Take a risk inventory. Build a risk register. Examine a variety of threats and opportunities. Here’s why these steps are important.
Risk management can yield enormous benefits, but you have to commit to it. Once you do, you create a virtuous cycle of awareness, learning, and responsibility.
As we described before, a risk register is a document that lists threats and opportunities as they are identified. It does not have to be a complex document. In fact, for a smaller organization, it can be an Excel spreadsheet with a few columns. The one for my company has columns identifying the issue, the date added, information about mitigation/development steps are planned, a numerical assessment of the threat or opportunity’s importance, and who is responsible for mitigation of the threat or development and exploitation of the opportunity.
Feed the Register
An organization could deputize one employee to maintain the risk register. Other employees could send e-mails to the keeper of the register describing a threat or opportunity and explaining why they believe it should be added to the register. New entries would be added provisionally. Someone from leadership would periodically review the registry and determine whether a provisional entry should be maintained in the registry. If it is, leadership would assign someone to own that risk and spearhead efforts to mitigate the threat or develop the opportunity.
Reap the Benefits
Look at the dialog that develops as a result of this tool.
1. A variety of sources can add threats and opportunities, therefore increasing organizational awareness.
2. Learning about the risk register increases the likelihood that employees will notice and comment on potential risks. We notice what we are primed to notice.
3. Leadership is able to periodically make themselves more aware of emerging threats and opportunities.
4. Leadership is encouraged to engage in dialogue about risks that have been identified.
5. If a risk is deemed worthy of continued inclusion in the register, someone owns that risk and focuses efforts at mitigation or development.
In short, it doesn’t take much to make risk management an important operational process. If you would like further details, or would like our help, please give us a call.
Also, please share this post if you found it useful.