If you’re a person conducting a business or undertaking, risk is everywhere. And it’s been like that since well before the COVID-19 safety crisis. With business interruption increasingly becoming a matter of when not if, what can teams do to ramp up their risk management processes for the new normal?
Why the business case for risk management grows
Indeed, the macro-risk picture is bleak. From public, cyber, and operational security to environment, health and safety, the ranks of significant risks continue to grow.
Risk scholars have speculated that cross-industry trends are exacerbating the risk picture for PCBUs across the globe. Those trends include growing interdependency, shorter-term (management) thinking, increased regulation, greater geographical clustering, higher probability of systemic shock, and new calls for transparency.
At this point, developing proactive risk strategies, processes, and systems that address and anticipate important shifts in business risk is the only way for PCBUs to survive in these turbulent times. But challenges remain.
Challenges to effective risk management
It’s often been said that when it comes to risk management, PCBUs are asleep until it is too late. Interest in risk usually increases only after major crisis events like the 11 September terror attacks, late 2000s financial meltdown, and now COVID-19 crisis. That interest then recedes quickly into the background as recovery picks up.
Another challenge: limited resources for risk management. Even if PCBUs could identify every single risk, it would require a significant outlay of resources to control all of them. Allocating that number of resources to risk management would have opportunity costs for running the wider business.
That’s not all. As mentioned, new risks emerge all the time – while old risks take new form.
The pace and volume of change have overwhelmed many risk and safety teams. Existing processes and frameworks have been rendered obsolete, especially those that were disjointed, disconnected, and overly manual to begin with.
Pivoting your risk management approach
How, then, to pivot? A major issue to counter is that teams often lack the internal communications tools to properly integrate their knowledge base of risk into their systems for managing risk and responding to incidents. The result: managers don’t get visibility into companywide risk limiting them to a fragmented view of (section-specific) risk.
Despite the high probability of contagion between business lines, team-specific processes to identify, assess, manage, monitor, and report on risk tend to proliferate. As such, teams are less able to identify priorities that will help them stay ahead of risk. Their processes become more reactive and less effective as a result.
One way to tackle this is investing in the appropriate tools that will enable teams to fully assess and document risks, including detailed information on why certain identified risks were accepted (and others not). Additional best practices include:
- Limit risk decision making to leaders who have the power to allocate resources
- Have clearer organisational objectives for risk management
- Clearly identify risk roles and responsibilities
- Put a support structure in place
- Deploy early warning systems
- Ensure risk decisions go through a pre-approved review cycle
Another important takeaway is to strive for a closed loop of continuous improvement in managing your operational risks, which is where integrated safety and risk management software comes in. Not sure what capabilities are right for your PCBU?
Don’t worry, our Buyer’s Guide to Safety Management Software details the necessary integrated functionality to drive your risk management processes forward. Download it here: