Risk management implementation projects are not easy. My own experience (including anecdotal from many professional friends) tells me risk management projects have a great likelihood of failure. Failure, primarily, to live up to expectations … whatever those expectations may be. You can benefit by considering some things to help you get off to a solid start.
A natural temptation might be to name a competent project leader and let them start collecting a list of risks. That, unfortunately, is an excellent way to waste a lot of time and energy. Instead, it’s essential that the three implementation challenges be clarified in at least a preliminary way. That can be done by addressing certain topics prior to rolling out the implementation project. I’ll discuss the first of these in today’s post.
Describe the ultimate deliverable
Most everyone knows what risk management is. Or, at least, they are confident that they know their view of risk management. To those with an accounting or audit background (like me), risk management can imply an evaluation of internal controls. To investment managers, risk management can imply assuring an acceptable and consistent rate of return. To entrepreneurs, risk management can imply additional insights in order to avoid crippling operating losses. To insurance professionals, risk management can imply assuring sufficient insurance coverage.
Setting agreed-upon expectations is critical. Management should identify what risk management should provide in 1 year and in 5 years. To what extent will it be integrated into the overall management framework? Will risk be a topic that is a natural part of everyday discussions or will be a separate annual review? Who will ‘own’ risk management? How will you assign responsibility for specific risks? To what extent will risk management be analytical and to what extent will it be holistic? How will risk concepts influence business decisions? Is risk management only for executive leadership or is it for everyone?
It may be convenient to think of a risk management environment as consisting of some combination of two essential views. One view is primarily analytical. This view envisions spreadsheets with numeric scales and multiple assessment projects with, perhaps, statistical analysis. A different view envisions a network of interconnectedness – a holistic integration where strategies and risks are tied together in a conceptual model. This model shows how the organization operates and how risks might negatively impact that operation.
In my experience, both types of visions – analytical and holistic – are represented in the senior leadership of virtually every organization. These differing backgrounds and different ways of approaching problems tend to get magnified in a risk management implementation project if they aren’t addressed up-front. Neither vision is wrong. In fact most organizations adopt some combination of these views.
Critical Implementation Requirement #1
Executive leadership must develop and share its initial sense of what risk management will mean to the organization. This must be especially understood by the person who will design and shepherd the actual implementation project. As Stephen Covey said – “Begin with the end in mind.” It is important that executive leadership provides enough vision and guidance so that the project leader and the entire organization have a sense of the ultimate deliverable.
In future posts, I’ll address a few other topics that can help assure that your risk management project starts off on solid footing.