Every organization faces risks; it is part of doing business. Managing risks well, allows organizations to focus on what they do best. Managing risks is no different than looking ahead, anticipating uncertain events and taking the necessary measures for them. In other words, not hoping they don't occur, but making sure you are prepared when they manifest themselves.
There is no one-size-fits-all solution to risk. As organization-specific as opportunities are, so too can risks be specific. While the measures to be taken may be the same where general risks that every company faces are concerned, the elaboration is often very specific. It has to be, since no two companies are the same. This calls for an approach that fits the culture of an organization and its employees.
Every company has objectives they want to achieve. When formulating the objective, it is important in the same process to examine the threats that may hinder the achievement of these objectives. These are the risks for which control measures must be formulated. In this way, the company is prepared and the objectives are still achieved.
There are many ways and sources to identify risks. Past incidents and errors, results of audits, analyses of processes and often interviews with various employees throughout the organization provide potential risks. In some cases, sessions are organized in which a group of employees name all the risks that arise with them. In doing so, it is important to involve delegates from different departments and different levels within the organization.
Then the risks are aggregated, classified by type (e.g., Business, Compliance, IT, Financial) and by degree of importance (High-Middle-Low).
The process that follows is to properly describe the risks, making clear cause and effect and their relationship to the objective threatened by that risk.
Only then can the assessment of existing management measures and formulation of additional management measure be done.
New insights always lead to adaptation and sharpening of methods and techniques. But often events in society lead to increased attention to a certain category of risks and thus additional (legal) requirements that organizations must meet.
The real estate frauds led to additions to frameworks that were specifically aimed at preventing and detecting fraud. But not only in the real estate sector have measures been added and processes adjusted and internal and external supervision tightened. Incidents related to money laundering also lead to tightening of processes within financial institutions and training employees to adopt a critical attitude.
The corona crisis and additional events also lead to sharpening of risks, the risk of a pandemic was always part of the set, but little or no attention was often paid to this. So the risk of a pandemic was not a so-called "black swan," but was mostly waved away by managers, because of the low probability of occurrence. That tendency is more prevalent anyway for risks with a low probability of occurrence, even though the impact can be substantial, when the risk occurs. Hopefully, we learned from the Covid-19 pandemic. Working from home, new ways of leadership and staying in-control will, if all goes well, have their impact on risk management in the near future. I will elaborate on this in my next blog.
Peggy van Glaanen
Associate ARC People
Want to stay informed? Then follow ARC People on LinkedIn or sign up for our newsletter.