Have you ever questioned your – personal or professional risk identification process?
If not, I will give some input how you could identify the three (or even more) key success factors of how to identify risks.
You are the one knowing your business and responsibilities best and are you also aware of your own blind spots?
The completeness of risks is key
I think there aren’t any business leaders and especially risk owners who wouldn’t agree on that. But how does it look like when it comes to daily business?
In my experience a completely different story and I see a huge variety of maturity level out in the field regarding the risk identification process.
For risk owners and business leaders there is a significant potential of upside if the risk identification process serves the business needs.
I am going to outline three specific areas to focus on when you are involved in the process of establishing, reviewing, challenging or approving a risk identification process:
1. Diversity
2. Communication
3. Risk-Intelligence
We all know there are many other areas too
but having learned that we as humans are not capable of taking up much more at a time, we keep it simply reduced to those three.
Starting with diversity I could imagine what kind of beliefs; stereotypes might already have come up while I was talking
Therefore – please let us expand diversity to much more than gender only!
The first question you could reflect on is:
What are the sources we use to identify potential risks for our business?
· Do we always use the same sources?
· How diverse are these?
· Did we change sources over the last time?
· How do we know that the sources used are still valid for our business
And here, please do not forget that when you change your business model, also your risk landscape should look different.
Meaning, when one source was great for the last 10 years, it does not mean that it is also helpful for the future.
The second questions is a more internal perspective to take on:
How are your communication and transportation paths within the firm regarding the task of identifying risks?
· How is the interaction in that process between BOARD – C-LEVEL -MANAGEMENT?
· How are the processes set up regarding TOP-DOWN and BOTTOM-UP streams?
· What are the criterias for those streams?
· What is the cultural mindset in the risk identification process?
· Is the defined process still “state of the art” or did it loose priority due to external (or internal) circumstances?
The third question wants to learn more about the collective risk intelligence:
What is the maturity level of risk-intelligence as an organisation?
To get a clear understanding it will be necessary that the term “risk-intelligence” is already implemented in an organisation.
As a starting point – and take-home assignment – I would like you to observe where you can identify sort of risk-intelligence within your organisation.
Please focus on the following three sources of risk intelligence
· Individual level
...
