From ‘complying with the rules’ to risk leadership
The risk management profession poses dilemmas for this group of professionals, according to Ron de Bruijn, Managing Director of Riskonet in his recent blog. You point out shortcomings to your client, but what if your report ends up in the hands of a regulatory authority? Carolien de Vries, Director of Young Safety Professionals (YSP), has her own view on this dilemma. She believes that risk managers should be alert to the signs that a client is performing incorrect risk management and not showing ownership or leadership.
“Dear Ron, I read your appeal about the dilemmas facing risk managers with great interest. Indeed, what if the regulatory authority or insurer does ask us to share a report that identifies safety risks?
I would like to add another question. As a risk consultant, how do you avoid finding yourself in this position?
I often notice that contracting parties have difficulties assuming responsibility when it comes to risk management. They merely look for ‘compliance’, perhaps without realising it, and a way of complying so that they can justify themselves. I often see contracting parties do just the opposite instead of showing ownership, they ‘shift ownership’. They do this, for instance, by transferring their responsibility, in a manner of speaking, to the risk consultant.
Risks are ever-present!
However, the nature, vision and objectives of an organisation, and the ensuing work, are accompanied by risks. Risks are everywhere! Whereas the initial reaction may be to ‘shift’ these risks and to hedge against them or pass them on, there are many other ways to deal responsibly with risks.
In the risk management sector, we often talk about a risk management cycle. This broadly involves setting goals, identifying risks that threaten these goals, classifying risks, managing risks, assessing control measures and communication and transfer. Of course, there are other variants of these different models and instruments.
Helping the client to go through the steps
Personally, I do not see it as my role as a risk consultant to go through these six steps for the client. We should help our client go through these steps for themselves, and support the client where they are lacking knowledge. This enables us to empower and encourage our client to conduct thorough risk management based on a well-considered vision.
I believe that the role of risk consultants is to coach and support clients. Consultants should educate clients to deal with existing uncertainties. Clients should exchange the tendency to want to have all bases covered for an attitude in which they dare to take well-considered decisions and accept that not all risks can be solved. I think this is how every organisation should conduct its risk management.
If an external risk consultant finds himself or herself cornered between the insurer, regulatory authority and the client, it may well be a sign that the client is performing its risk management incorrectly and is not showing ownership or leadership. Then it is time for a very different type of conversation with the client.
Then there are the serious safety issues. If a regulatory authority gets wind of serious safety issues that affect the licence and pose unacceptable risks for staff, visitors or business continuity, it is unable to ignore this information.
However, the organisation cannot really deny the information either. That is because there is a serious safety issue! Risk consultants should support the organisation’s management in such a way that they are intrinsically motivated and will respond. This should not be because the organisation’s management has to do this, but rather because they want to. That is because it threatens their organisational objectives. It also threatens the wellbeing of their staff.
The organisation can then take a management plan to the regulatory authority or insurer. It will enable them to show that they are dealing with risks and any accompanying uncertainties in a mature way.
The key point is learning to deal with risks
I am convinced that risk consultants have an essential role in this entire process. Of course, risk consultants first provide substantial advice. Our clients are not specialists and can easily lose sight of risks or incorrectly estimate these risks.
However, above all, and this is the point that I would like to make here, clients can learn to deal with risks in a more responsible manner. The contracting party remains the risk owner, and this is a role they must perform. My fellow risk manager and author, Martin van Staveren, wrote a book on this subject which he called “risk leadership”. An organisation that displays risk leadership allows itself to be supported by the right consultants in different fields of expertise, but takes well-considered decisions itself on the basis of input. As risk consultants, our duty is to provide guidance, and to support and coach the client in such a way that the client wants to and is able to assume this role.
However, this appears to be easier said than done. Perhaps it is, too. I am aware that my approach may seem slightly naive. I know that these practices are deep-rooted. It involves clients dealing with risks in a responsible manner based on the right beliefs and intentions, and if necessary, with support from an consultant!”
Carolien de Vries is the Director of Young Safety Professionals (YSP). YSP supports organisations with safety issues and provides professional training to young safety experts.