Home>Security>Cyber Crime>Risk matters - September 2018
Home>Facilities>Health and Safety>Risk matters - September 2018

Risk matters - September 2018

31 July 2018

With growing threats and a fast-changing world, the nature of risk management has changed. IIRSM looks at what the risks are and how to prepare.

THE WORLD has changed dramatically in the past 20 years, and most of all, the scale of change itself. We now live in a world where the biggest risk faced by organisations is the speed at which they can be destroyed (Aon’s Global Risk Management Survey, 2017). Reputation is all, and together with the growing threat of cyber attack or data loss, the very nature of risk management has had to change to adapt to this new and fast paced world.

So, is this hype or is it reality? In the power utilities sector for instance, the rise of distributed energy resources such as local generation using wind power and storage using home smart battery technology, is changing the economics and nature of the industry itself. Coupled with increasing demand for power from electric vehicle usage, and changing customer attitudes towards service, the risks facing the industry are changing rapidly.  

The old 20th century view of a business as a controllable machine is no longer appropriate: instead, today’s organisations are more akin to biological systems, adapting as huge cultural, economic and technological demands constantly change shape and reshape our world. So how do businesses learn to thrive on change?

In terms of managing reputation and resilience, those leaders who leverage opportunities to adapt, innovate and learn can make ever-changing times beneficial for themselves, their employees and their organisations

Business leaders need to create cultures where risk competence is embedded throughout the organisation, and in ways that ensure true worker participation. It is critical for business leaders to foster an open dialogue across the organisation, especially during uncertain times. The UK Financial Reporting Council (FRC) will imminently release its 2018 UK Corporate Governance Code, and that too will require listed companies to have worker representation at board level. Thus we can see that the same social trends are changing approaches to risk in industry at the board table as well as the shop floor.

Faced with this new world, business leaders are having to look holistically at risk across the enterprise – no longer does it work to think of occupational safety and health, insurable risk, data, quality, financial risks, governance and business continuity as separate unconnected disciplines. Indeed, these and ‘opportunity risk’ are all interconnected, as indeed the ‘man or woman in the street’ would tell us. ISO 31000:2018, the global standard for risk management, and BS 65000, the UK standard for organisational resilience, all support this approach.

What should organisations do?

Firstly, adopt a common language for risk across all parts of the organisation, and one which chimes with business leaders. Being technically expert, but unable to communicate in a relevant way, is often a barrier to acceptance for risk professionals. According to Deloitte (Global Risk Management Survey, 2017), 86% of company boards are devoting more time to the oversight of risk management than they did two years ago. OSH professionals must be engaged with this or lose relevance. ‘Risk management must be a culture, not a cult’ (Tom Wilson, chief risk officer, Allianz).

Secondly, be brave and ‘learn how to learn’. In today’s world of ‘fake news’ and social media, being able to discriminate between hype, lies and facts is everything. We’re all being asked to believe that all points of view are relevant, but as scientists are taught, that doesn’t mean all views are correct. Brave, because sometimes the established view isn’t necessarily the right one: we can learn from NASA (Columbia and Challenger) and the nuclear industry (Chernobyl and Fukushima) for instance. Indeed, more recently, the Grenfell Tower Inquiry preliminary expert reports included the recommendation that a culture shift in fire protection of high rise residential property was needed, something that could or should have been learned already, from earlier residential block fires or indeed the Piper Alpha disaster 30 years ago.    

Thirdly, business leaders are having to ‘think the unthinkable’. As IIRSM 2018 conference speaker Nik Gowing told delegates, being flexible and prepared for changes that happen at ‘social media speed’, will differentiate tomorrow’s survivors and winners from names that will become history. Ignoring the ‘elephant in the room’ may have enabled yesterday’s leaders to avoid ‘career limiting moves’, but in today’s world it’s more likely to lead to a Carillion, an Oxfam or a #metoo. All the evidence is that millennials won’t want to work for you either. Ignore so-called ‘black elephants’ and at best you’ll be engulfed in a social media storm, at worst, you’ll lose your business.  

Find out more about IIRM by visiting, www.iirsm.org