I celebrate the fact that business managers have asked this question a lot, especially in the past year.
The evidence I see is that risk managers are much more self-aware and aware of their internal and external environments, conditions, and circumstances. We have seen an evolution in the maturity of judgement, though the confusion between risk and problem does persist.
Three distinctive features stand out for me:
-
Checking the insurance policy to see if it will cover new kinds of risk events, as a priority, is moving to the back burner. The separation between buying insurance and managing risk slowly increases, which means greater emphasis on accountability, agility, responsiveness, and awareness.
-
The focus on health and safety or patient safety programs is no longer the only priority. Recognition of strategic (external) and operational (internal) risks is factored into financial, legal, human, process, and systems decisions, among other things.
-
The weight of regulatory compliance has been reinterpreted as there is an increasing understanding that compliance is a choice made at the moment of decision. Directions embedded in regulations may be outdated or downright inappropriate for the business and its objectives. This largely depends on the nature of the business.
These three features are highly visible. They are evidence that many organizations still have a long way to go to systematize risk management and increase their adaptability to the fluid nature of business in a fast-changing environment.
Programs sponsored by organizations such as #RIMS, #GRMI, and others are well suited for would-be insurance brokers or underwriters but do little to help businesses better manage or create value. Learning to manage risk from an insurance perspective has a backward-looking focus rather than forward, which is where risk is – in the future.
No one doubts that health and safety or patient safety programs are necessary. Organizations that principally focus on such programs as their primary form of risk management are prevented from gaining the bigger advantages. A systematized approach provides the opportunity to create value, grow the business, and develop capabilities to match market demands.
Compliance risk is a focus in many regulated sectors, but not every risk is related to compliance. That is why the weight of compliance is shifting. COVID has demonstrated clearly that some regulations can be inappropriate and detrimental to business activity, finances and/or competitiveness.
In my upcoming #newbook, I’ll present a systematized approach that can be adapted across sectors and organizational levels. This approach has been developed, tested and effective for over 20 years – I now share it widely.
The accompanying implementation program is now available.
To inquire, email us at: InfoDesk@uvidi.ca