How to get everyone to consider risk in every decision — and why that’s crucial to long-term success.

Many organizations are prioritizing agility and adaptability by building risk awareness among all employees, not just those with “risk” in their title. Pushing risk responsibilities out to the edges of an organization helps quickly identify changing conditions and take corrective actions to mitigate emerging threats before they can escalate into something more harmful.

Risks continue to grow in number and complexity – and identifying and managing myriad exposures takes an all-hands-on-deck mentality. In a risk-aware corporate culture, risk management is part of every critical decision by every stakeholder. Technology can raise risk awareness by providing visibility into exposures across the organization and consistent reliable data about the potential impact of those risks.

How to Start Building Risk AwarenessHow to Start Building Risk Awareness

Culture is what weaves risk management into the everyday routines of all employees. With more eyes and ears on the lookout for emerging risks, a company is much less likely to be blindsided by an undetected vulnerability — and that’s a significant competitive advantage for any organization.

Here are seven steps to start making risk a part of every discussion and every decision at your organization:

  1. Educate all employees about risk. If you want employees to participate in managing and mitigating threats, start by equipping them with knowledge and language of risk. Explain the benefits of risk management, how to spot potential issues, how to assess potential impact, and what can be done to mitigate threats. Cultivating awareness and understanding of risk will make it much easier to see that reducing risk is in everyone’s best interest, not just the company’s.
  2. Communicate expectations. Have a clear, well-defined process for reporting risks. The easier it is to report a concern, the more likely employees are to do so. Guidelines need to be specific and direct. They need to go beyond the equivalent of, “if you see something, say something.” Technology plays an important role in ensuring reporting is easy, consistent, and timely. Offer employees on-the-go access to forms with prepopulated fields to make it easy to navigate the process and collect all necessary information while it’s still fresh. If the process of reporting risks is long or complex, adoption will be low.
  3. Get top-level buy-in. If the senior leaders are visibly making risk-conscious decisions, others will naturally follow. For example, in the chaos and compressed timelines of a crisis, it might be tempting to cut a few ethical corners for the sake of speed. Senior leaders who visibility refuse to compromise integrity set a great example for others to follow suit.
  4. Break down silos. Establish a risk committee that includes stakeholders from multiple departments to open lines of communication. Technology can help by centralizing risk information, standardizing data, and showing the relationships between threats. It helps establish a common risk language and facilitate productive conversations, so you can identify and address all vulnerabilities. If there is a problem with a vendor, for example, everyone can come together for a quick response to limit the fallout.
  5. Assign responsibility for managing specific risks. The risk committee should identify the individual who is most closely connected to each risk and hold that person accountable for its management. When everyone knows who is responsible for what, there’s much less of a chance that something important will fall through the cracks.
  6. Establish incentives. Baking incentives and risk management expectations into performance plans gets people thinking regularly about risk and what they can do to help correct issues within their control. Consider offering spot bonuses to employees who identify risks and come up with a solution. Or tie annual bonuses to achieving certain risk-related goals.
  7. Leverage technology to measure improvement and increase transparency. Enterprise risk management technology can gather all risk-related data from claims, internal audit, safety, and third parties into one location. This increases transparency and elevates the visibility of risk, which will promote a culture of risk awareness across your organization.

Risk scorecards, for example, can show how each business unit, department, or location is performing against key risk and safety goals. Point values can be given to each key performance indicator and totaled for an overall risk score. Business-unit leaders can then use this to review progress and suggest follow-up actions to improve performance.

Summarizing the data in reports and distributing them companywide allows everyone to see what’s been achieved, what’s in progress, and where there is still room for improvement. Business units can even see how their performance stacks up to others. While this may be frustrating for the team at first — especially for those who are coming up short — these scorecards can eventually become a point of pride, because they provide definitive proof of team accomplishments.

A Practical Look at a Risk-Aware Culture

A Practical Look at a Risk-Aware CultureConsider this example of the power of risk awareness. A large food-distribution organization with many different operating companies noticed an upward trend in the frequency and severity of its workers’ compensation and liability claims. Its numbers for key safety metrics—accidents per million miles (AMM) and recordable case rates (RCR)—were higher than those of its competitors. In addition to immediate concerns over employee well-being, the high volume of claims was straining the company’s financials.

Management wanted to instill a safety-oriented culture to reduce the risk of injuries and lower the total number of claims. The goal was to reduce AMM and RCR by 20%. To reach that goal, each independent operating company needed to buy into that policy. The company wanted to spark a mind-set change to emphasize that:

  • Everyone can make a difference.
  • All employees need to be aware of the risks in their own environment.
  • Reducing incidents and claim volume is in everyone’s best interests, not just the company’s.

To facilitate this shift, the company used risk scorecards to rank each operating unit’s performance across 17 risk and safety categories, including AMM, RCR, required training compliance, root cause completion percentage, and more. This method encouraged a cultural change in two ways: Overall scores were shared across the organization, which naturally motivated each unit to improve. There was also a clear financial incentive as employee bonuses were tied to achieving these goals.

It took time, but everyone is now on board. Locations eagerly await the quarterly ranking report, and improving safety scores is a point of pride. Employees understand the value of fixing a problem — and how their actions can really make a difference.

How Risk-Aware Is Your Organization?

A company culture that values risk awareness protects the customer, the brand, and the bottom line. When all stakeholders — from the CEO and board down to the newest interns — are aware of the risk inherent in every decision, you can raise potential issues, discuss them, and address them in advance. This way, unexpected issues are less likely to occur. And when they do occur, the impact tends to be less severe.

A great risk culture is not something that can be built in a single all-staff email or all-hands meeting. It takes time to educate people about risk, spark dialogue, and instill a belief that everyone has the power to make a difference.

For more on the role of culture in managing risk, please download the ebook, Charting a Course for Enterprise Risk Management, and check out Riskonnect’s ERM software solution.