Top Tips for Facilitating Effective Risk Workshops

If you are a risk manager or have been given the unenviable task of looking after your organisation’s risk process, chances are you’ve had to schedule a risk workshop.

Whether designed to identify and assess new risks or review and update existing risks, there’s a high probability that you’ve been met with a few groans and declined invites.

If this sounds familiar, then there are a few things you can do as a facilitator to increase engagement, improve the value of your workshops and ultimately help achieve your goal of supporting better-informed decision-making.

  1. Know Your Aims

Risk management as a discipline is guilty of over-complication, which extends to the use of the phrase ‘workshop’ to describe risk meetings that aren’t just about risk identification. Before we can have a successful risk meeting we have to understand what the point of it is, be clear on what we need to achieve and why we need to achieve it. Sounds obvious, but too many risk managers fall into the trap of just using risk meetings to generate lists of risks, rather than appreciating the wider opportunity to develop shared understanding of risks and their responses through targeted risk-based discussion.

In order to truly derive benefit from our risk meetings we have to step back and recognise the opportunity we have to integrate risk thinking into high-level discussions. These meetings may be one of the only opportunities in the whole month to get people thinking about risk. Simply using the sessions in order to tick the boxes of the risk process is not the best use of anyone’s time.

As risk managers we are effectively facilitators and advisors. Spoiler alert – we don’t manage risks ourselves. To add value as advisors we must understand that we are there to help the organisation understand their risks so that risk-thinking can be embedded at the heart of corporate decision-making. All our practices, including our meetings, need to have clearly articulated aims which help support this over-arching objective. If we don’t have clear and effectively communicated objectives for our risk meetings then they can quickly descend into out-of-control technical debates between SMEs and before you know it, 2 hours have passed and you’ve only discussed 3 risks.

Prior to the meeting we have to make sure that everyone knows what the end goal is, we need to re-enforce this in the introduction and we mustn’t be afraid to halt and re-direct discussions should things start veering off course. Our primary role as facilitators is to direct discussions to best meet ours, and the organisation’s, objectives.

  1. Know Your Audience (and what motivates them)

Let’s face it, risk meetings aren’t always top of people’s lists when it comes to favourite ways to spend time. Trawling through risk register print-outs and poring over heat maps has gone some way to damaging risk management’s reputation. We potentially compound this by forcing our audience to answer questions that they don’t necessarily want to answer. Do they really care if the risk management database doesn’t get updated? Do they really care if a step in the monthly risk process doesn’t get a full tick? No, and they arguably shouldn’t. Our audience will be motivated by the opportunity to discuss the uncertainties facing the business and how they are incorporating risk thinking into their day-to-day roles.

We also need to start making these sessions practically more engaging. With the increased availability of visualisation software we have an opportunity to go some way towards mending risk management’s stale reputation and increase engagement with our process.

Take a look at this article, by William Foulds of Redstone Risk Ltd, on using risk information to enhance partner relationships and how we can use visualisation technology to support and add value to the risk process.

  1. Know Your Owners

It is essential that risk meetings are attended and informed by those best placed to utilise risk information when making decisions. This usually includes a collection of executives, senior work package managers, commercial leads and various subject matter experts (SMEs). It can be a challenge to get all these execs and project staff members to attend the same meeting – both logistically and motivationally – so we need to be realistic about our numbers. These larger risk meetings are a chance to play back to the execs the updates from our 1:1s with our risk owners, so it is important that we help our risk owners to be as well-informed as possible prior to these larger sessions.

The owners in attendance will be expected to provide an update on their risks. Effective risk managers regularly meet with their risk owners either in formal reviews or through informal 1:1s to talk through their risks, help them prepare for meetings where risks may be discussed and to ensure that they are familiar with the content and format of their risk information. This not only enables them to confidently talk about their risks but also strengthens personal accountability for managing risk and ultimately leads to better engagement with the risk process.

Ensuring that all the risk owners have a good understanding of their risks prior to the meeting avoids the common sight of owners hurriedly skipping through the risk register in an attempt to swat up on their risks, which reduces the quality of discussions and ultimately the value of the session.

Some Benefits of Effective Risk Meetings:

  • Regular risk meetings help ensure the most up-to-date risk information is readily available at specific decision points.
  • Risk meetings foster a shared awareness of potential future barriers to meeting objectives as well as any potential opportunities for enhancing them.
  • Open and honest discussions ensure that risks are effectively communicated and understood by all decision makers, going some way to effectively re framing those decisions within the context of delivery and/or corporate risk.
  • When risk meetings are attended at the right level by engaged attendees, personal ownership and accountability for risks and their responses is developed, helping to ensure targeted risk controls are in place and actions are carried through to completion.
  • Risk meetings lead to greater understanding among executives and key delivery personnel of the risks that are above the organisations risk appetite and require pro-active management, helping to avoid sudden shocks.

What do you do to ensure your risk meetings are as successful as possible? Join in the discussion

Gareth Day

Gareth is a Consultant at Redstone Risk Ltd, helping companies manage uncertainty and complexity more effectively through information and visualisation technology. You can follow Redstone Risk on LinkedIn or on Twitter @redstoneriskltd Gareth has experience predominantly in the Defence, Nuclear and Construction sectors. He is qualified with an MSc in Management and holds the APM PMQ as well as a Graduate Diploma in Law and a BA(Hons).