Practical ideas: Create simple risk escalation mechanisms

Risks rarely happen overnight. There are usually signals, warning signs. Despite their best intentions, executives and most certainly the risk manager are often detached from the operational activities. And while it should be the risk manager’s goal to get involved and at least be aware of what is happening in the company, it is up to all employees to identify potential issues early and notify the decision makers.

Employees are an invaluable source of information on operational and emerging risks. Usually, junior and mid-level staff discuss emerging issues and potential threats freely long before they become public knowledge. To take advantage of this source of information, risk managers need to develop a simple and transparent mechanism for communicating and escalating risks. The company employees should be able to just make a phone call or send a confidential email or upload information to a secure intranet site to share their concern about a risk and/or any uncertainty.

It is equally important to promote these confidential channels and inform staff about their existence. Based on the interviews we have conducted, risk managers told us that while such hotlines are rarely used, their shear existence creates a trustworthy relationship between the risk manager and the business.



Build an anonymous message form on the intranet page dedicated to risk management
If your company has a whistleblower hotline add risk management issues to the list of problems covered
Create a dedicated email mailbox to receive information about emerging risks
Provide training on how to use all escalation tools described above (hotline, web, email)
Build awareness by presenting at staff meetings and developing posters to be shared around the office



RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.