Risk Never Sleeps
Most have heard the expression “rust never sleeps”. That expression highlights the fact that the oxidation of metal, the process which ultimately creates rust, continues to take place day after day, day or night, whether we are there watching it happen or not. Risk within an organization is much the same way in that it is dynamic and continuously changing. It doesn’t wait for us to “finish this project” or “return from vacation”. In most companies risk is all around us, taking many shapes and forms, and emanating from a multitude of sources.
Fortunately, not all of the risk around us is catastrophic or fatal. We have the ability to continuously assess the probabilities and severities of various risks and can formulate strategies to mitigate or manage those risks in a prioritized fashion. While many companies do this quite well, they may also find themselves playing the “whack-a-mole” game with their risks. This happens when we place an inordinate level of focus, effort, and resources on the single, highest profile risk issue in front of us, while other risks that were somewhat benign are allowed to grow unchecked into the next big issue.
While this reactive approach is sometimes hard to avoid, there are some measures and tactics companies can put into place in an effort to minimize the amount of “risk rust” that grows while we are sleeping (or otherwise preoccupied!):
- Establish operational systems and processes that are designed to identify and evaluate risk as a function of everyday decision making. Once these are engrained throughout the operation, it is much tougher for risk issues to stay hidden.
- Use sound analytics to monitor and measure. While many analytical tools and resulting scorecards are considered “lagging indicators”, they can still be powerful tools in identifying problem areas early on. Additionally, predictive analytics can be very effective in identifying trends and common threads that have historically led to risk problems so they can be anticipated and addressed before they even have an opportunity to develop.
- Work toward a culture where risk management is an organization-wide accountability as opposed to being confined to the risk management team - create risk management stakeholders and champions across the organization.
- Empower associates at every level of the organization to “own” risk management and provide avenues by which risk issues can be easily communicated – then have a solid process for action and/or feedback in response.
In short, it pays to think in broader terms than just the issue in directly in front of you, the one that is out in broad daylight. Think strategically about tools, resources, and procedural enhancements that can help in spotting and eradicating those areas of “risk rust” that aren’t yet in plain sight but which are eating away your profits.