How Can We Improve the Way We Do Risk Management?

We all know we are exposed to an increasingly complex environment of risk and uncertainty, we hear it all the time. But do we know how to respond to it? If we are honest with ourselves, do we even know how to understand it? One way we can start to do this is by improving the maturity of our risk management activities.

 What is Risk Management Maturity? 

If you are doing the same things you were doing ten years ago then chances are, you’re not getting the value that you should be from your risk management activities. If this sounds familiar, then you probably also experience high levels of disengagement and limited support for risk management across your business.

We can often recognise the problems that are indicative of a lack of maturity. Risk management siloes, inconsistent processes and outputs that offer limited value to decision makers, but what does mature risk management look like?

Fundamentally, mature risk management is all about recognising that the end goal is not about avoiding risks. Instead, the focus is on helping decision makers make better informed decisions by better understanding their uncertainty and complexity.

In my opinion risk management maturity relates to the sophistication of an organisation’s understanding of their risk environment and the extent to which risk thought is embedded into business decisions. If your risk management activities are designed to maximise these two elements, then chances are engagement will be higher and you will enjoy greater support throughout the business.

What Does Mature Risk Management Look Like?  

The truth is that risk management is changing; we are driving towards a future where it is genuinely valuable to execs and senior leaders when making decisions in uncertain environments.

We are leaving behind the complicated processes, artefacts and language of the past, and maturing our understanding of what it really means to ‘manage’ risk. This shift begins with an understanding that risk management isn’t really about managing risks at all; it’s about enhancing performance by embedding risk thinking into business decisions. 

In my opinion, the most successful businesses we’ve worked with are those that embed risk-based thinking in to both operational and strategic business decisions every day. These organisations do this without really realising it – they have reached a high level of risk maturity.

So how do they do it? Well, a good starting point is to identify the information and analytic outputs that are genuinely useful and separate them from those that offer limited value. Instead of producing lots of data and reports that would fit into the latter category, we need to focus on improving the valuable outputs by making them more visually engaging, easy to understand and available to decision makers at the point of need. We must move away from the complex meta language of common risk processes and speak in plain English to increase engagement and seamlessly integrate with existing operations and processes.

The future of risk management is one where emerging developments in technology are harnessed to improve the communication of our risk data. Data visualisation is not just a ‘nice to have’ or an afterthought, it is a necessity; the next generation coming through are expecting to make decisions using highly visual, dynamic toolsets not the old tools and processes that still dominate much of what we do.

Gareth Day

Gareth is a Consultant at Redstone Risk Ltd, helping companies manage uncertainty and complexity more effectively through information and visualisation technology. You can follow Redstone Risk on LinkedIn or on Twitter @redstoneriskltd Gareth has experience predominantly in the Defence, Nuclear and Construction sectors. He is qualified with an MSc in Management and holds the APM PMQ as well as a Graduate Diploma in Law and a BA(Hons).