Modern enterprises are increasingly positioning the CISO, Chief Risk Manager, and other risk-focused leadership roles prominently within C-Suite decision making. It’s part of a trend toward elevating and centralizing the Risk Management function to address growing digital risks in the enterprise. Unfortunately, many firms still struggle to implement Risk Management throughout the actual organization. Among the biggest questions: Who, exactly, is responsible for collectively identifying and mitigating all the specific risks that pop up everywhere across the enterprise? Let’s take a closer look at how – while every organization needs to build its own programmatic response to that question – the underlying answer remains a fairly simple and holistic one: Risk Management should be a shared responsibility for everyone in the organization! A Collective View of Risk: Anyone Can be a “First Responder” The idea that everyone should be prepared to wear the Risk Manager hat during the course of a project doesn’t fit neatly into an org chart, but it’s a reality that SES and other companies at the forefront of Risk Management have come to accept: Vulnerabilities are so replete across most organizations today that everyone – regardless of role – is now a potential first responder against risk. This global view of Risk Management can be the foundation for proactive, reliable, and secure management of even the most sensitive and mission-critical projects. Consider, for instance, the SpaceX mission to the International Space Station in May of this year. The success of that mission served as a rare bright spot in a season of otherwise bleak news about Coronavirus. And, as SpaceX Mission Director Benjamin Reed explained in one of the pre-launch briefings, much of the success can be tied to a proactive and all-inclusive risk management culture. “Don’t take offense when people challenge your work; we encourage it,” he said in the briefing. “Anybody can raise a risk. We have systems in place that actually can allow anybody in the company to open up what we call risk tickets. And they have a direct line to senior leadership to say ‘Hey, I’m worried about this,’ up to the moment of launch.” As it happened, the launch was indeed delayed in the last few minutes of countdown because of an emerging risk flagged by someone on the meteorological team. The system worked, and the mission went ahead with a follow up launch and successful completion – so successful that it’s a featured use case in SES’s own internal Risk Management training curriculum. Making it a Reality with Personal and Organizational Responsibility To be clear, addressing and mitigating a known risk is a specialized task that not everybody is equipped to do; the shared responsibility we’re talking about here is to identify and report risks and issues. To enable such a universal response capability – organizations must build their own combination of the right processes, workflows, IT assets, and other programmatic elements. Thankfully, there’s no shortage of guidance from PMI and others on how to build such a Risk Management program. Yet whatever your particular organizational or project solution may be around risk, make sure that the role of identifying and reporting risks remains a collective responsibility. Also ensure that the responsibility is reinforced on both the individual level, where everyone knows to raise an issue or risk, and on the organizational level in terms of processes and procedures for the universal and actionable reporting of risk. Once identified, risks must be properly socialized across program managers, scrum level teams, partner networks, and other stakeholders. All these steps are easier said than done, but they create powerful ROI from a more holistic approach to risk management. It’s one that benefits from both centralized management and a collective accountability and commitment on risk across the entire workforce.
6 Comments
3/29/2021 05:18:50 pm
This was a helpful article about risk management. I want to make sure my business is safe. I'll think about hiring a risk management consulting firm.
Reply
12/1/2021 05:21:51 pm
Thanks for the reminder that everyone should be able to wear the risk manager hat. My husband is hoping to invest in new risk consulting services for his business since it's grown a lot. I think it'll be good for him to have other professionals to bounce ideas off of.
Reply
1/21/2022 03:30:31 am
EVM is a method of measuring actual work performed on a project, in a more robust way than simply taking a look at the project schedule and budget
Reply
1/21/2022 04:47:34 am
Primavera p6 is adaptable when it comes to planning a variety of tasks, thanks to a single platform that allows users to prioritize, execute, and track their work.
Reply
I like that you talked about an option wherein the employees can directly notify the management if there are risks they are worried about. I guess looking for a mazard mitigation software to invest in is a good idea if you own a company. Doing so will ensure that you can easily spot any issues to prevent accidents that can affect your operations as well as injure your workers.
Reply
6/23/2024 01:18:50 pm
This article highlights the importance of making risk management a shared responsibility across the entire organization. At Green International, we stress this approach in our RMP Certification courses in Qatar, emphasizing that everyone has a role to play in identifying and reporting risks.
Reply
Leave a Reply. |
Archives
May 2022
Categories |