Driving Consistency to Support Risk Assessment Aggregation
As an organization operating in today’s business landscape, you know the importance of conducting risk assessments… and you’re also intimately familiar with the challenges in making those assessments happen efficiently and successfully. You need a systematic approach to mitigating risk throughout your organization, one that ensures the safety of your personnel and your assets and keeps you in compliance with the strict demands of regulators. The very nature of today’s global business climate means that undertaking a risk assessment across all plants and business units is a significant, many-layered challenge. But by finding a way to be consistent in the risk assessment process, companies are better able to compare “apples to apples.” This gives companies a single view through which to evaluate risk across the business and across the supply chain, identify areas for change, assess priorities for projects that need to be implemented, assign budgets, and continually improve.
Three-part Challenge:
Of course, creating a single, bird’s eye view of risk across an organization may not be as easy as it appears. There are several challenges.
Challenge 1. All risk assessments are different. Perhaps the most obvious challenge is the fact that risk assessments can be performed in a variety of ways. While there are several types of risk assessments that are widely used, the format of the information collected can vary. Every assessor has a different style and every company has a different way of doing things. As employees come and go, or organizations acquire or purchase other companies, the style of managing information changes. It’s difficult to maintain a consistent way of assessing risk.
Challenge 2. Every plant’s system is different. Different people use different ways of managing data. Some people use Excel, some build their own management system, some keep it all in their heads. Without central risk assessment, there can be as many management systems within a company as there are plants.
Challenge 3. Everyone’s skills are different. A manager’s training, experience, and skill-set will dictate the way they evaluate risk. Because of that, one facility manager may rate something as high-risk, whereas another might see it as insignificant. Executives looking at a risk assessment thus have no way of knowing whether a so-called risk is immense or insignificant.
Big Challenges, Simple Solution
With challenges so overwhelming, it may seem there’s no easy answer. But the truth is, with a centralized risk management system, even the largest, most global organization can aggregate risk assessments in a way that allows the company to see potential risks on both a micro and macro level. Here are a few suggestions:
Step 1. Establish two “assessment levels” that can be seen by central risk management.
Consider a two-pronged model in terms of assessing risk – a plant-level scale specific to the business unit (micro level), and an executive scale that can be used by executives for decision-making (macro level). For example, say a factory has a roof that is at the end of its life and will cost $50,000 to replace. That’s a significant sum for the factory, and from that perspective it could lead to a decision to delay the fix. But if the roof falls and harms someone, the reputational and safety risk to the large conglomerate is huge. With two assessment levels, one on the plant side ($50,000 for a new roof) and one on the conglomerate side (potential lost productivity and increased insurance premiums), managers at a centralized risk management level can see both perspectives and have more data at their fingertips for effective decision-making.
Step 2. Choose the right impact scales.
Scoring risk based on impact can be tricky. In the example above, financial impact at the plant level ($50,000 for a new roof) is high, but it is insignificant from an enterprise standpoint. So an impact scale based on dollars may not make sense. Reputation risk, or the risk of loss of life, would have the same impact irrespective of the size of the business unit, and therefore may be a much more accurate assessment.
Step 3. Implement a centralized risk management system.
An effective risk management system can ensure visibility of materially impactful risks and provide critical information to make better business decisions. With two “assessment levels” (micro and macro) and an effective centralized management system poised between the two, an organization will have a much easier time seeing a consistent view of risk across all business units.
Additionally, it is helpful to hire experienced managers at the centralized level who understand what is happening at the plants and can translate those details for the C-suite to aid in decision-making. Risk managers help facilitate local assessments and roll them up in a meaningful way for executives.
Even small lapses in risk management cost money. Minor employee injuries can lead to work stoppages, while occasional equipment failure can lead to missed deadlines and unhappy customers. And when such seemingly insignificant breakdowns in risk management can mean a major loss of revenues, you may actually be losing sleep over the possibility of more catastrophic events, like being ordered to pay millions or even billions of dollars in fines for regulatory and/or safety failures – not to mention the possibility of loss of life. A consistent and centralized approach to risk management can ensure proper controls are in place, give you a better understanding of your risk exposure across sites, and improve execution by better allocating resources to higher risk areas.