Grant Purdy and Roger Estall have recently published a book on decision-making called Deciding. Written to help decision makers (they call them Deciders) to make ‘even better decisions’ it goes directly to the two big challenges for every Decider – ensuring that each decision will contribute to (rather than detract from) achieving the purpose of their organisation, and being sufficiently certain that the outcomes that result from the decision, are those they intend.
If ‘risk management’ isn’t helping Deciders to consistently and competently apply the universal decision-making method, then for those organisations that are on the ‘risk management’ path, it makes sense to simply shed that millstone and focus on consistently achieving sound decision-making. But how to do that, especially if
there has been substantial financial, cultural and emotional investment in the ‘risk management’ edifices?
Irrespective of how far the adoption of ‘ risk management’ has proceeded, the follo”ing generic steps can be used to dismantle the ‘risk management’ edifice although each organisation “ill have to have regard to its own particulars:
1. Make the decision in principle to discontinue application of ‘risk management’.
2. Prepare an inventory of all aspects of the organisation’s ‘risk management’ architecture.
3. Identify any direct connections between elements of the inventory and other aspects of the organisation’s management and governance activity (for example, monthly reporting, recruitment, delegations, strategic and operational approval procedures, audit activity, compliance obligations).
4. From 2. and 3. above, apply the universal method to tentatively identify the specific actions needed to eliminate each aspect of ‘risk management’ architecture (which, particularly in large organisations, could include dis-establishment of positions, albeit with associated HR implications) and a tentative timeline and success measures. The monitoring arrangements incorporated in this plan should allow progress to be tracked, variances identified and unforeseen issues to be resolved.
Check out other risk management books
Communication and consultation
5. Develop a succinct explanation of the purpose and scope of the changes for use in internal and external communication.
6. Using the output from Step 5, consult those likely to be affected by various aspects of the changes. This will include both individuals within the organisation and internal functions such as IT and Human Resources support and, if ‘ risk management’ activity is needed to satisfy compliance obligations, the relevant agencies or parties.
Refinement and execution
7. After considering feedback from Step 6, finalise Steps 2 , 3 and 4 and obtain any approvals that may be required (e.g., approval of the Board to amend policies, or regulatory agencies to obtain acceptance. of the changes).
8. Communicate the implementation plan to internal and external stakeholders and conduct briefing and training for members of the governance structure (e.g. directors) and management.
9. Monitor progress against success measures and against any changes in context over the period of implementation.