Best practice for managing organizational risk

31 Mar 2020 10:56 AM

Blog posted by: Allan Thomson – PPM Product Ambassador, AXELOS, 31 March 2020.

Section of flowchart with 'RISK?' at centre of cell and arrows leading to 'YES' and 'NO' on desk next to calculator, pen and pair of glasses

How do organizations identify and mitigate risk at a time of international emergency, like the current Coronavirus (COVID-19) pandemic?

In the circumstances affecting countless enterprises, leadership must find a way to keep “business as usual” going and people functioning while in a completely unique and alien situation.

And what senior executives need to acknowledge is the importance of risk at the corporate, strategic level and how – when risks become issues – they can threaten the organization’s strategic objectives and, at worst, its existence.

The size of an organization doesn’t matter; managing risk must be principles-driven to protect the enterprise. Therefore, the Management of Risk (M_o_R) best practice guidance is principles-based and designed to treat risk as a strategic management discipline.

Managing risk at a time of COVID-19

Right now, in the context of the current pandemic, managing risk begins with individual behaviour: complying with Government instructions to avoid becoming ill, spreading the virus and averting further fatalities.

Organizations are also facing new risks, such as shutting down their operational sites and having employees work remotely.

To understand what the risks are and how to mitigate them, leaders should compile a risk register – basically a tool to document risks – which is designed to “record uncertain events that would affect one or more business objectives”. This should identify and prioritize risks, including:

For example, the risk register could include information such as:

Having identified several risks in the current climate, organizations need to mitigate them:

Promoting social wellbeing

Organizing online meetings or one-to-one chats with line managers or simply phoning team members to ensure they’re OK are key actions to ensure a business is looking after its people in uncertain times.

Facilitating online working

Though people need to be patient in an abnormal situation, organizations need to ensure their IT systems can handle the volume of people logging on remotely.

Communicating

It’s important to have a clear point each day or a weekly update when senior management will know exactly what they need to tell their employees/stakeholders and share that information, ensuring it’s both relevant and current.

A question I’ve sometimes heard in relation to managing risk is: “Why are we doing all this risk stuff? It might never happen?”

Nobody can predict the future, which is precisely the point of preparing for and managing risk. If risks become issues, and organizations are ill-prepared, they will ultimately pay for it; not only with dollars and cents but also their brand reputation.