7 Keys to Effective Risk Management

Risk management, like quality management, does not operate well in a vacuum. Yet that seems to be the way many companies operate. They perceive risk management, like quality management, to be a necessary evil, at best. At worst, they believe risk management is the parent of bureaucratic inefficiency, taking everyone’s eyes off the prize. Or, it causes more problems than it solves.

I’ll give you an example: Sarbanes-Oxley is one of the least well received pieces of legislation. It instantly made a huge class of potential criminals out of well-run, ethically minded public businesses. Your company didn’t misbehave but suddenly it was on a long list of possible suspects. Ironically, the US government saw risk where there was none.

Even when the US Congress decided to allow for risk-based internal controls in SOX – ostensibly, to lighten the financial and other burdens of investigation (auditing) and reporting – they focused too much on high-risk situations, not giving much weight to the subjective nature of risk assessment (i.e., you say it’s risky, I say it’s not) or to a holistic approach to risk management.


Effective risk management cannot be legislated into existence any more than common sense can. For your organization to manage risk effectively, risk management must be an essential, integral part of your operations. It cannot be one person – the Risk Manager – running the entire show on an “as needed” (i.e., when we get around to it) basis. Risk management has to be systemic and ongoing. It has to permeate the entire organization.

Consider the following points:

  1. Your risk manager will function most effectively with the support of the entire organization. Top management must communicate the importance of managing risk throughout the organization.
  2. Everyone in the organization has a unique perspective on risk. Ensure that all employees have input to management, that employee input is not filtered by management biases or preferences, and that employees are encouraged to participate. Let them know their opinions are being heard and are valued.
  3. Allowing everyone to participate gives everyone ownership of risk management. Every employee has a stake in the outcome – no one is “along for the ride”. Let every employee play an active role in risk management.
  4. Top management must be inclusive where risk management is concerned. There are fewer than 24 hours in a workday, believe it or not, and even if there were 24 hours (or more), no one can do it all. Leverage the skills and knowledge of your employees.
  5. Train everyone, to the extent possible, on the concepts of risk and risk management. Show them how to spot risks and deal appropriately with them. Make sure employees know what risks they face in their day-to-day operations and the impact they may have on the business.
  6. Be sure to measure and monitor risk management activities/efforts. Continually analyze and evaluate your risk controls.
  7. What worked a decade ago – or even last year – may not work today. Don’t think your risk controls are final and forever. Change is the one constant in business – better to change than be changed.

These are some of the keys to risk management in your organization. By no means is this an all-inclusive list, nor does it have enough detail. Exactly how your organization practices risk management is a product of your unique situation and needs.

If you remember one thing, it should be this: risk management doesn’t work well – if at all – in a vacuum. You need someone to lead your risk management efforts, sure, but everyone in the organization has a part to play. Make the most of all of your resources and you’ll be amply rewarded.


We help small businesses improve their efficiency and effectiveness. Whether you're selling a product or a service, we'll show you how you can improve product and service quality, effectively and affordably. If you need quality, environmental, or health & safety management but can't afford a full-time manager or staff, call on Q9C and we'll pick up the slack. For information or a quote, call or write. Subscribe to the Q9C blog while you're at it.
