6 Action Steps to Better Risk Management

Many of our clients don't know where to begin. The task of building a risk and safety program is daunting, they aren't sure they can afford it, there are a lot of complex choices, they are faced with pressures to reach standards they may not even recognize, and they are not sure they know what they don't know. We've been there. Most jobs stuff safety and risk management in the corner of a job description, and it can be hard to create space to contemplate, design, and build a risk management system.

You start by starting. Little steps, prioritizing what you can do now, and what you want to do later. It is remarkable how much high quality safety, security, and emergency preparedness is about strategic decision making and planning and doesn't require buying fancy systems, platforms, or glossy materials from consultants and digital services. We regularly advise prospective clients how to map out a plan of approach - one that works for them. While we often need to implement similar elements to mitigate operational risk, we likely need to do it differently, at prescribed speeds, communicated to a unique audience, with different budgets and in a wide range of contexts. While the need for businesses to manage risk is universal, the process is not. Taking an intentional, thoughtful approach will build resilient, enduring resources that will fit your organization on your terms.

Start by starting. It is all simpler, more affordable, and more doable than you think.

Ideally an organization builds a comprehensive Risk Management System that holistically defines, prepares, and articulates the framework of operations, tools and processes that outline risk, security and safety across your locations and programs. This is an ongoing, strategic commitment that grows with time and need. This system adapts with conditions, institutional capacity, scope of work and risk profile, and appetite.

While this process is unique to each business, here are 6 key elements that will set any organization up with a foundation for managing risk and building long-term safety and security measures to best protect people, assets, programs, brand, and mission. 

Risk Assessments

Do you know what you don’t know? Are you aware of your blind spots and operational gaps? A risk assessment is an opportunity to audit systems, policies, paperwork and forms, plans and budgets, and investigate the quality of your operations and programs and state of readiness. This can be conducted as a wholesale organizational review, or for a specific project or department. An assessment should be thorough, ask tough questions, be data-oriented, managed objectively, and have specific goals and information it tries to investigate and interpret. Assessment should be done with consistent methodology, inclusive of all relevant stakeholders, and done regularly to build a practice for it and to see patterns and trends over time. This is how you discover gaps, risks, challenges, limitations, strengths, competencies, and benchmark your operations to your own and connected standards. A good risk assessment is hugely valuable, a schedule of regular reviews even more so.

Safety Management Plans

This is the risk and safety playbook. This is where you sort out the details, information, itineraries and play-by-play description of your operating plan. This can be used for a strategic yearly plan, an afternoon activity, travel itineraries, robust and complex programs, logistics and supply chain management, and security concerns. The uses and applications are endless. The main value is more than just the playbook of actions and contacts and relevant supportive information - the exercise of developing a plan is where the best learning is. The process of thinking through details, assigning roles and responsibilities, working through situations and possibilities, and thinking through the issues allows you to imagine the full range of potential scenarios. This helps you work out potential challenges and see limitations and problems before they happen, and to create the supportive resources to respond well when they do. From a wallet card to a binder, a safety management plan can be an essential planner and reference for dispersed teams across the world to instantly coordinate along the same framework, assumptions, and triggers. Building the habit of creating safety management plans for both simple and complex activities, events, and programs builds a risk management reflex into staff thinking that can become a pervasive approach strengthening safety culture and involving everyone as a positive risk manager throughout the organization.

Incident Reporting

The ultimate safety goal is to always be reducing the frequency and severity of incidents across organizational activities. Incident reporting makes this possible by codifying reports into regular formal submissions into a database. Whether using a simple spreadsheet or dedicated software, reporting allows you to hone in on the incident types and contributing factors, narratives, and conditions that build data points allowing you to identify and analyze trends and patterns helping to uncover causal inputs of individual moments and through your organizational systems. Without good data you are guessing, and with regular reporting you can slice into the reporting information in ways to best understand what may be driving incidents and near misses. Reporting works best when it has well-defined criteria, consistency, is perceived as non-judgmental and not punitive, and is shared and reviewed to apply to future programming.

Emergency Response Structure

When a crisis hits, who does what? Who makes decisions and how do teams communicate? An emergency response structure designates roles, responsibilities, and decision hierarchies along with triggering defined criteria for activating and deactivating teams during emergency preparedness and response efforts. From simple call lists to full-blown incident command frameworks, this structure lines-out working tasks and roles so staff can jump in immediately and know how to function in relation to others. These structures are key in stressful times when challenging circumstances can overwhelm teams and decision-making. Teams can rely on these frameworks and have pre-designated positions make tough calls, engage internal groups and external partners, and coordinate response plans in a reliable way. Emergency response structures go by many names, and can be set up in a variety of simple or complex configurations depending on what your organization needs and what risks and emergencies you may anticipate. A key to these working well is to train them before-hand - to practice and work out kinks and get familiar with roles and scenarios so when the real thing happens, you are best prepared.

Business Continuity Plans

This is a strategic framework designed to ensure an organization can continue operations during and quickly recover from disasters, threats, incidents, and supply chain failures. It involves identifying risks, creating response procedures, and testing plans to minimize injury, disruption to operations, financial loss and downtime. Think of it as an umbrella safety management plan for your business. Often seen as a financial or insurance compliance activity - they are much more. Business continuity plans afford a company the opportunity to map out plans and contingencies for all-hazard risk, safety, and security possibilities. When paired with strategic plans, fundraising, budget forecasts, development plans, and operations management it serves to prevent issues by virtue of looking forward, and to outline the details of managing operational and communications failures as they happen. These plans are your predictive enterprise risk tools and your real-time response resources that help your business to be resilient amidst crisis and emergency events.

Mission

This is the beginning and the end, the guide star to help navigate your organizational direction and align your risk and safety resources toward your working purpose. In fast-changing, complex environments, organizations can easily lose sight of their mission, and programs can drift from their original intent. A well defined mission, and one that is revisited regularly, keeps programs on track and in the spirit of your work. Much of positive risk management work involves making decisions amidst ambiguity and uncertainty where it is easy to create confusing and conflicting tradeoffs and to do business with inconsistent standards. When intentionally defined and articulated, a well adhered-to organizational mission can help define purpose, liability, standards of practice and the scope and context of your work, thereby defining the operating boundaries that drive your success and ability to meet your goals with willful enterprise risk management.

These 6 steps can serve your organization as a foundation toward building your Risk Management System, get you started toward a habit of embracing proactive operations, and best managing your program’s safety, security, and emergency preparedness.

• By Todd Duncan, Owner/Principal Consultant, SeaBear Safety Solutions