There are many reasons why risk management often fails to get acceptance in a workplace, but one of the main reasons is over-engineering it. Read on to find out how to provide staff with the sort of risk management tools that they will want to use – and thereby make time for the benefits risk management generally.
“Not off to a good start I thought to myself“. Brian was a mid-level manager at a high-security, high-risk, bio-hazard facility where I’d been asked to conduct a safety risk analysis. Brian’s attitude wasn’t typical of the people at this location - we were there to follow up on the findings of a coronial inquest – but it’s an attitude I’ve heard all too often in my career. It wasn’t that Brian was unmoved by the death of his co-worker and he understood the ‘why’ of risk management, but he was a typical overworked manager who simply hadn’t been shown much in the way of ‘appropriate’ risk management. Spend enough time in risk management and you’ll hear a million variations of “I’m busy enough as it is and this stuff is too time-consuming to use in my day-to-day work anyway”. Even I will admit to having this attitude to risk management many years ago after having ill-conceived and impractical safety training rammed down my throat – until I discovered the risk management continuum.
Brian’s comments about risk management being too complicated were less a failure of risk management than a failure of imagination. In the end I managed to bring Brian around to being a fan of risk management (or at least to showing a little interest) which later translated into a few business changes in his department. Paraphrasing our discussion somewhat, these are the key points that we discussed:
It’s all about picking the right size tool for the job. Trying to apply every section of ISO31000 to risk managing a staff training day is like trying to crack a walnut with a 20-tonne hydraulic press. Sure you could do it, but you’ll spend a lot of time at it and you’re not likely to get an edible result. Over the years that I’ve been doing this, I’ve collected a grab bag of tools, which when put into context give us a hierarchy of tools or what I call ‘the risk management continuum’.
These tools range from the very simple to very complex and take correspondingly different expertise, resources and time to do. At it’s simplest; you can do a risk assessment on crossing the road in a matter of seconds while an enterprise risk plan may take a team of people several months to complete.
Before introducing the tools illustrated above, it’s worth emphasizing that these are only examples of tools that you might choose to use. Even if you like the concepts there is no reason why you need to keep the names, but they could be a good place to start:
The book will spend many pages looking at the more involved risk tools on the continuum but here is a quick summary of the various tools.
‘Take 2’ is simply an easy to remember name for the process of taking 2 minutes (metaphorically or literally) to consider the risks associated with an activity. It’s an ideal tool for a quick risk assessment before moving a filing cabinet or plugging in new equipment for example. An individual might use it before pressing ‘Send’ on an email to your boss or a client and spend two minutes considering the risks or opportunities (eg: Could this be a Career Limiting Move, Is this a good email to share with a colleague). Equally, in a group activity someone might suggest, “hang on, let’s Take 2” before collectively moving a desk. The process of taking 2 might in the latter example get the group thinking about moving some boxes out of the way or allocating someone to hold a door.
Step back 5 paces (metaphorically or physically) and spend 5 minutes considering, discussing and documenting risks and risk treatments. A simple example would be two tradesman drilling a hole to hang a whiteboard. A 5×5 might raise questions like:
A Stepback 5×5 is something that might be documented informally in a notepad and then shared at a toolbox meeting but it isn’t just applicable to tradesmen. It’s equally useful for strategic management where for example, a Board of Directors are making a decision or even documenting the agreed decision. The discussion around a quick Stepback 5×5 to consider the bigger picture might reveal a host of issues.
- Is this activity/project necessary to achieve organizational objectives?
- Has an adequate risk analysis been done and have the measures that have been identified to reduce the risk actually been implemented?
- Are adequate contingency plans in place if things go wrong?
- Have briefings and training been done including for when things go wrong?
- Are those involved in leading this activity experienced and qualified?
- Are our people involved qualified and trained to participate in this activity?
- Are our tools and equipment in good working order, well maintained and ready?
- Has there been adequate build up of skills among the team prior to this activity?
- Do I have checks in place to monitor and review the activity after it has launched and to amend if necessary?
- Am I, as the team leader or manager, satisfied we are prepared to do this activity/operation?
A formal risk plan involves as the name suggests, a comprehensive documented risk assessment leading to an endorsed risk treatment plan. In this respect it is little different from a project risk plan or even a Job Risk Analysis. I’ve separated it out here between a Project Risk Assessment and Complex Risk Assessment because a) it’s the type of risk assessment that most managers will do in their working life and b) although relatively sophisticated, it often has a defined scope. Eg: OHS Plan, Divisional risk plan, security plan, etc.
At this level, we’re starting to get into a whole new level of complexity. This is the domain of enterprise risk management or project risks of the scale of building a space shuttle. The risk management process remains the same, but before even attempting this, you absolutely must have the following elements in place:
So there you have it… The Risk Management Continuum – the secret of any craftsman’s success, having the right tool for the job