How to Deal with a New Set of Risk Priorities
Three risk management alerts arrive in a CEO’s inbox. Which one gets the most attention?
In most companies, the misconduct allegation will be dealt with first and will be the only item among the three that the CEO feels a personal stake in.
Organizations with an unfavorable workplace culture are at unprecedented risk. The potential consequences, such as board of director dissatisfaction, reduced market capitalization and a social media backlash are greater than ever. The CEO’s job could even be endangered.
This shift in risk priorities reflects a change in the relationship between organizations – particularly large public companies – and society at large. It is the manifestation of a pushback against institutions that seem more powerful and unaccountable than ever before.
Many of the people involved in this pushback are employed by the same organizations they are speaking out against. Perhaps there was a time when employee and customer loyalty was a given, but now it is often replaced by emotional distancing, if not hostility, with no belief that the interests of each party are inherently aligned. Sometimes, there is a temptation to automatically take the other side of whatever seems to be in the organization’s best interests.
In this environment, once the incident report arrives on the CEO’s desk, it is too late. The time for action is before the event occurs. Given this profound and lasting shift, which is both symptomatic of and often driven by changes in technology, organizations face a new and more complex portfolio of risks at the same time that cost pressures are as high as ever. Yet, in most cases, the risk management function is reactive and still organized around yesterday’s priorities.
The risk management organization will either adapt and be part of the solution or be relegated to a lower-significance staff function under continuous threat of downsizing or reorganization. Here are some steps to ensure that the former, not the latter, occurs.
Act Before Events Happen
Emphatic and sincere action can minimize the damage of an inappropriate act, but it would be far more effective to preemptively take the steps to make sure the event never happens in the first place.
To reach this level, organizations need tools to understand what is happening throughout their business. An important aspect of this is to not wait for people to raise issues, but rather, take the initiative to preemptively gain insight into workplace experiences and observations.
Another essential aspect is not just giving people the tools to communicate, but rather, establishing a climate where people feel safe in escalating adverse situations, in promoting a culture that rejects inappropriate behavior in all its forms and taking decisive action when events occur.
Attach Action to External Trends
A common objection to preventive initiatives is that events of the type being prevented have not occurred within the organization or don’t represent a significant cost. But in the new climate, trailing or expected values aren’t a sufficient indicator of risk. The dialogue needs to be converted from an analysis of loss history to a discussion about consequences if such an event did take place. How, in light of the experiences of others, can there be a credible belief that the organization is not similarly exposed?
Risk Speaking Out
The organization’s perception of risk priorities, and mitigation possibilities, probably won’t change unless some initiative is taken. The risk manager needs to be willing to raise new issues, link future action to societal trends, and sometimes, get out of their personal comfort zone.
Get Educated
There isn’t a single forum or resource that can train risk managers in everything they need to know. But, in virtually every significant area of exposure, there is a wealth of information available to those who go seek it. The risk manager can add tremendous value by distilling this information down to its essentials while making it relevant to the organization and its leadership.
Embrace Technology
It’s not possible to effectively manage the entire palette of risk exposures without appropriate enabling technologies. Sorting through the many types and categories of tools, establishing a broad technology game plan and articulating why such tools are essential is now a high priority for any risk management function. An appropriate deployment will integrate with critical data sources, collaborate with (or replace) multiple existing tools, provide the foundation for analytical insight and give visibility to risk conditions before adverse events occur.
‘Given this profound and lasting shift, which is both symptomatic of and often driven by changes in technology, organizations face a new and more complex portfolio of risks at the same time that cost pressures are as high as ever.’
Don’t Wait for the Future
Most societal trends don’t arise overnight. It’s not necessary to have all the answers, but it is extremely important to build awareness over time of what such trends could mean for an organization’s risk exposures. Valuable insights can and do arise from high-level dialogue with organizational leadership, while support is built for timely and insightful action.
A Final Thought
We are witnessing a set of social trends that, as recently as five years ago, mostly either didn’t exist or were not a prominent discussion subject. Those trends include COVID-19, #MeToo, Black Lives Matter, data privacy, cyber breaches, the shift to a gig economy and grievances arising from further skewing in the distribution of personal income. It seems likely that although these issues will still be discussed five years from now, they will be joined by a new set of priorities.
Though these future particulars are unclear, it is most doubtful that current social trends will utterly reverse, that the risk landscape will be simpler rather than even more complex or that the risk manager no longer needs to adapt to ongoing change. This new reality needs to be the foundation for every risk management practice. For the risk manager, investing in the future of risk is a permanent high priority and a strategic imperative.
Pearce is the chief risk officer at Aclaimant. Aclaimant provides safety and risk management services to businesses covering light industrial staffing, commercial construction, real estate, and hospitality industries, as well as empowering insurance brokers and agents with value-added tools for their commercial customers.