OK – the list is just some of the observations I have made and is of course not complete – but hey what don’t you do for a catchy headline?
These are some of the positive (side) effects that I have seen come from implementing a structured approach to managing risks:
Awareness – The increase in awareness you can create internally in an organisation is the most important gain. People start discussing what makes a threat and how dangerous it really is (risk). How the organisation’s objectives are tied to potential risks and how managing them can either allow them to reach their objectives or even gain competitive advantage by doing so. Awareness is still one of the most important factors if you want to manage risks because it all comes down to affecting human behaviour and when people gain an understanding of potential risks based on facts and feel they are heard and involved in a “bottom up”-approach they are much more likely to adapt their behaviour and embrace “corporate policies” because they are partly their own.
Resources – Mapping potential risks and discussing which to counter to which degree is basically a discussion about prioritising resources. The process gives organisations a clear picture of what is at stake both in terms of impact (people-assets-reputation) financially and in terms of business strategy, which allows them to make informed decisions on what risks to take and how to mitigate them. The decisions should be compared to the objectives of the business and either support reaching them or setting new ones.
Focus – When you are making an effort to know your current and emerging risks and how to handle them it gives a calm and overview that allows the organisation to focus on their key objectives – delivering the services and products to their customers, which to my best knowledge risk management is all about supporting!
What are your experiences? Any points I have blatantly left out? (Read the comments on LinkedIn)