“We will re-look at that when things return to normal?”
This or a similar statement is commonly heard these days and clearly indicates that many people have not yet come to terms with the fact that we have no idea what the new ‘normal’ will be. Now is the time for Risk Management professionals to make themselves heard and become the trusted advisors in their respective organisations.
No one really had a ‘Pandemic with extended country wide lockdown’ risk in their register. Yes, some organisations may have identified a risk of disease outbreak or possibly an epidemic, and even if a few organisations had considered a pandemic risk the sheer scope and resulting damage was definitely not envisaged. Let’s put it down to lessons learned in the knowledge that failure is not the end of the road. We don’t change the objective or goal – we change the plan along the way and for that to happen we need more regular risk assessments and the ability to measure.
Particularly now we still need to be aware of all the aspects that influence our risk decisions such as key indicators, incidents or near misses and most importantly the resulting action plans. That’s where software starts making sense – the need for one central repository for all risk management related activities, dynamic linking and notifications/escalations for the required actions.
Now is an opportune time to pay more attention to key indicators as the lockdown restrictions have exposed a number of new knock-on effect risks. Key indicators are critical for monitoring risk exposure and raising awareness through timely notifications. An automated risk management system allows for a comprehensive view by incorporating key indicators and incidents into the risk assessment process resulting in more valuable report data and detailed audit trails.
Incident management is often thought of as a health and safety activity, but a well-constructed and widely used incident management system is a valuable asset not only to a risk manager. When the organisation acknowledges and communicates back to the employee who logged the issue the benefit is twofold – the employee feels valued, listened to and keen to continue and the organisation gains insight into incidents happening that they may not be aware of. A good quality risk management software solution will have integrated key indicator and incident management functionality and this is again where software enables the process to be automated and easily maintained.
When both key indicators and incident management are effectively used together another key benefit is realised – near misses. Very little attention is afforded those events that nearly happened or a key indicator threshold that was nearly breached and this is where critical information is being overlooked. A culture of support for employees who have recorded a near miss, ongoing risk awareness training and a centralised system will result in more awareness of how seemingly unimportant occurrences are related and can be managed, thus reducing the risk profile of your organisation. An embedded risk culture together with a centralised system will enable you to connect the dots and prevent or at least mitigate / plan for nasty surprises
Finally, all of the above is of little use unless actions are allocated to accountable people. Again the benefit of a centralised software system is realised when action plans can be captured, assigned, escalated and measured – all with a comprehensive audit trail. Incidents can be captured and key indicators can be triggered, but without the ability to notify the designated action owner and track progress, resolution and accountability will fall by the wayside..
What to focus on now:
In conclusion, I think the following quote by Rahm Emanuel, the former Mayor of Chicago sums up what needs to be done: “You never let a serious crisis go to waste. And what I mean by that it’s an opportunity to do things you think you could not do before”.
Author – Warrick Asher, May 2020.