Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making.
Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and communicates information concerning risks to stakeholders. Risk communication can be an efficient tool for demonstrating the effect of risk management on organization’s overall objectives.
Management and staff speak common risk language
Mature organizations try to reach consistency in understanding risk management terms and definitions across the business units through awareness campaigns, training and ongoing internal communication.
Reviewers should discuss risk management with several employees with various experiences to assess their level of awareness of risk management objectives, the differences between proactive risk management and crisis management and their level of familiarity with the key terms and definitions.
Reviewers should also check whether risk managers speak the business language, not “risk speak” when engaging senior executives. Terms like risk appetite, risk registers, Monte-Carlo simulations may be fine when talking within the risk team or speaking with the CFO but need to be adjusted when talking to, for example, head of production or marketing team.
The results of the risk analysis has to be presented in EXACTLY the same way the decision is being discussed. If an investment decision is made based on NPV and IRR – then risk manager has to bring to the table new calculation for NPV and IRR based on risk analysis.
If the decision is discussed in terms of schedule and budget – the risk manager needs to calculate and bring new schedule and budget with risks incorporated.
High, medium, low is not going to cut it if you are serious about integrating risk into decision making.
– – – – – – – – – – – – – – – – – – – – – – – – –
This is an extract from a comprehensive G31000 risk management maturity model.
Interested in buying the full G31000 risk management maturity model? Click here or contact me directly if you want me to perform a quick gap assessment at your organization or you need help to integrate risk management into a particular business process or decision.