Risks rarely happen overnight. There are usually signals, warning signs. Despite their best intentions, executives and most certainly the risk manager are often detached from the operational activities. And while it should be the risk manager’s goal to get involved and at least be aware of what is happening in the company, it is up to all employees to identify potential issues early and notify the decision makers.
Employees are an invaluable source of information on operational and emerging risks. Usually, junior and mid-level staff discuss emerging issues and potential threats freely long before they become public knowledge. To take advantage of this source of information, risk managers need to develop a simple and transparent mechanism for communicating and escalating risks. The company employees should be able to just make a phone call or send a confidential email or upload information to a secure intranet site to share their concern about a risk and/or any uncertainty.
It is equally important to promote these confidential channels and inform staff about their existence. Based on the interviews we have conducted, risk managers told us that while such hotlines are rarely used, their shear existence creates a trustworthy relationship between the risk manager and the business.
HERE IS A QUICK CHECKLIST TO TURN THIS SECTION INTO ACTIONS
| ☐ | Build an anonymous message form on the intranet page dedicated to risk management |
| ☐ | If your company has a whistleblower hotline add risk management issues to the list of problems covered |
| ☐ | Create a dedicated email mailbox to receive information about emerging risks |
| ☐ | Provide training on how to use all escalation tools described above (hotline, web, email) |
| ☐ | Build awareness by presenting at staff meetings and developing posters to be shared around the office |
USEFUL VIDEOS
| https://www.youtube.com/watch?v=PlRccHASvEU |
Check out other risk management books
RISK-ACADEMY offers online courses
Informed Risk Taking
Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!
ISO31000 Integrating Risk Management
Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.
Advanced Risk Governance
This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.
