Risk management may seem simple enough in theory, but not all employees have the necessary skills and competencies to successfully apply it in practice. One of the key components in driving change is employee training and development.
…continued from previous post
Conduct training for “risk-champions”
Provide additional risk management training to the in-house risk management team and business units responsible for internal control, audit, finance, strategy and others. Risk managers may conduct it personally or outsource to third party providers. In-depth risk management training should include (this example is based on the actual risk management training provided by Institute for Strategic Risk Analysis in Decision Making (ISAR) and RISK-ACADEMY):
RISK MANAGEMENT FOUNDATIONS
- Definition of risk
- History of risk management
- International and national risk management standards
- Introduction to finance, project management and process management
- Introduction to statistics
- Insurance basics
RISK MANAGEMENT IN DECISION MAKING
- Identification of risks associated with decision making or goals/KPIs achievement
- Risk analysis in decision making (sensitivity analysis, scenario analysis, Monte-Carlo simulations, decision trees, scoring models)
- Risk mitigation and risk-based decision making
- Disclosure, reporting, monitoring and review
PSYCHOLOGY AND RISK MANAGEMENT CULTURE
- Risk psychology and cognitive biases in decision making
- Risk management culture
- Principles of risk management ethics
INTEGRATING RISK MANAGEMENT INTO THE BUSINESS
- Understanding the organisational appetite for risk
- A roadmap for risk management integration:
- Developing new and updating existing policies and procedures
- Integration into decision making, planning, budgeting, purchasing, auditing etc.
- Risk management roles and responsibilities, risk management KPIs
- Integrating risk information into management reporting
- Resources required for the implementation of risk management
- Auditing risk management effectiveness
- Risk management continuous improvement
- Risk management software
For more information about training programmes or to order training for your company see www.risk-academy.ru/en/corporate-risk-management-training. If you are interested in sitting the G31000 certification exam after the training and receiving a risk management certification, please refer to http://www.risk-academy.ru/en/c31000-risk management-certification/
Make risk training competency based
Just like any other business expense, a risk management training budget needs to be justified. And just like any investment decision, risk management training needs to show adequate return on investment. Training costs money: the development process, hiring trainers and getting employees to dedicate time away from their workplace to participate in training.
One useful way, suggested by risk managers we interviewed, was to make all risk management training competency based and setting KPIs to check for noticeable improvement in the quality of risk based decision making. Each training session should start and end with competency tests. Surveys should also be conducted one month and six months after the training to test for knowledge retention.
Develop certification programmes for employees in high risk activities
Another useful suggestion is to develop an internal risk management certification for employees working in high-risk activities. This will ensure staff working in high risk activities, like manufacturing, trading, insurance, security and others possess adequate risk management skills and remain cognisant of the risks associated with their work.
Certification programmes may be developed internally or outsourced. Depending on the high-risk activity the certification may be high level or in-depth, in any case it should test:
- Understanding of legal obligations;
- Awareness of risks in the workplace;
- Ability to make quality decisions under uncertainty;
- Understanding the protocol for communicating and escalating risks;
- Evidence of moral and ethical behaviour.
Use passive learning techniques
Make sure that risk management information is available to employees, contractors and visitors. Place Risk Management Policy on the intranet and the corporate website, record and publish risk management training or awareness sessions videos on the dedicated risk management intranet page.
Invite guest speakers (risk managers from other companies) to speak at the Audit Committee or Risk Management Committee and give employees the opportunity to participate. We have used this in the past and it worked very well.
Periodically post useful risk management related articles and research papers on the corporate intranet. Make the risk management information easily accessible to staff.
– – – – – – – – – – – – –
DOWNLOAD THE FREE RISK MANAGEMENT BOOK: https://www.risk-academy.ru/en/download/risk-management-book/
Watch more free risk management videos on http://www.risk-academy.ru/en/risk-management-video/ or subscrive to RISK-ACADEMY youtube channel https://www.youtube.com/user/alexausrisk