I’m all for being proactive when it comes to managing potential threats but you can’t beat a real event for really getting actions completed.

I am sure most of us have at some time or other been wrapped up in risk management reporting within organisations. Often this involves tedious, long winded methodology and paperwork and if your risk does not ‘make the cut’ nobody appears interested. This is all because nothing has happened, no one got hurt, the organisation is still here, there are bigger things to worry about – so ‘we’ll see you next month’. It feels as though you are wasting your time and simply going through the motions.

Last week I was on a skiing trip – occasionally this can be a high risk activity for myself and other folk within the vicinity but fortunately no mishaps occurred. It was noticeable that virtually without exception everyone was wearing helmets on the slopes which is a step change from even just a few years ago. The reason for this is the very unfortunate and sinister accidents involving some notable celebrities which, because of the fact the incidents made headline news, demonstrated to us all that the risk is real – it can, and has, actually been realised. As a consequence, behaviours have changed and actions have been taken but rather based on experience than any kind of risk assessment.

Things really liven up in the workplace when something sinister happens. Usually this is based around the COO demanding to know ‘how did this happen?’, ‘why didn’t we see this coming?’, ‘whose fault is it? and ‘who do I need to fire?’

The news coverage includes many instances of senior executives apologising for unexpected tragedies and promising to do everything in their power to prevent such an event happening again.

The irony is the risk was probably recorded somewhere on the risk register but maybe so low down in terms of likelihood it was being ignored. This is why risk managers have a tough job, it doesn’t matter what the likelihood is, if it’s your turn, it’s your turn, so you are going to get burnt. Telling the COO it was a ‘once in 50 year event’ won’t make them feel any better because it’s here and now – the stuff has hit the fan!

So what should we do? Is there an argument to say stop practising risk management and concentrate purely on actual events? I don’t think any of us would be comfortable going to such an extreme because our risk management interventions, whilst sometimes difficult to measure in terms of effectiveness, surely reduce the frequency of risk events and the impact therefrom. And besides we want to be proactive, to be preventative rather than reactive. Certainly the need to nowadays be resilient supports this view.

The fact of the matter is that risk management only goes so far in identifying potential events, it cannot predict the future, it merely estimates the likelihood and potential impact. This is why our organisations must continue to review incidents, risk events, near misses and crisis events, their own as well as those experienced by other organisations when they occur so that we learn and improve both in terms of prevention and response. This includes analysing trends and patterns of the lower impacting items as these may indicate an underlying cause requiring attention.

Finally, don’t stop your Business Continuity work – there’s always a risk that you are going to need it.

February 24, 2016 at 12:55 pm
Return to All News
Category: Crisis Management
Tags: , ,