Am I capable of assessing risk?

10.03.23 08:39 PM By Cal Webb III

If I asked you about risk, your first thought might be of insurance, security, safety, or a specialized person or group that deals with risk at your organization, such as a risk management team. It could even be about personal risks to you, such as those faced when investing, parenting, or driving on the road. If I asked you what might go wrong on a camping trip to Alaska, you would immediately tell me things like bears, lack of food, frostbite, injury, or getting lost. If I asked you about the value of a home alarm system, you would probably tell me that it deters break-ins, detects fires, and allows you to monitor your home.

If I asked you what risks you see at your job, you may not feel comfortable answering. Maybe the concept of risk at work is outside your normal job description. Regardless of your current professional stance on risk, the fact is that we are all capable of assessing risk in our organization, but we often don't feel like it is a vital part of our jobs. You and I are always assessing risk and understanding our role in processes and organizations. We just don't know we are doing it all the time. When you make a decision about signing a form, what are you doing? When you decide to take one course of action over another, what are you doing? When you train someone to do a job well, what are you doing? In all of these cases, you are inherently understanding, assessing, and applying risk management principles.

The ability of multiple individuals to provide input is one of the foundations of Gradient's approach to risk management. Assessing risk is not simply a job left to the management team, but a process in which many throughout the organization can play a role. In fact, it is very important to receive input from a variety of perspectives throughout any organization. Each person has different experiences, different abilities and personalities, and different ways of seeing the organization. It is because of this that a good risk management process needs input from a variety of sources.

Gradient's risk assessment process solicits input from several levels down into the organization, summarizes that input, and allows the management team to utilize and act on that input. Whatever your level in the organization, here are a few key questions to ask regarding your organization and process risk. I would encourage you to ask them regularly with your teams and organizational leadership.

· How often do I think about the risks to the processes, departments, and groups that I am involved in at my organization? Is that enough?

· Looking back on processes, have there been instances where a failure or process breakdown occurred? What risks weren't mitigated to allow that to happen?

· What risks do I think could occur in the processes and/or departments I am involved in? Do we have processes in place to minimize those risks? If not, what should we do?

· Do I ask questions to other leaders, my direct reports, and their direct reports about the issues, risks, or failures they see in the organization? Do I seek out input from others on their suggestions and observations?

· Does our management team understand and address larger organization-wide risks?

· Are key organization-wide risks connected to processes that help mitigate those risks?

· Does your organization, department, or team have a strategy for using data (electronic, KPIs, etc.) for monitoring and responding to key risks?

If you want to learn more about Gradient's enterprise risk management (ERM) services, please use the contact form on our site or email You can also review the latest Committee of Sponsoring Organizations (COSO) ERM executive summary at Thanks for reading!

Cal Webb III