Improving Your Risk Management Framework
This article is the seventh of fourteen parts to our risk management series. The series will be taking a look at the risk management guidelines under the ISO 31000 Standard to help you better understand them and how they relate to your own risk management activities. In doing so, we’ll be walking through the core aspects of the Standard and giving you practical guidance on how to implement it.
In previous articles we’ve looked at the core elements of the risk management framework, as well as the role of leadership and commitment, integration, design, implementation and evaluation more specifically. In this article, we’ll be looking at how to effectively improve your organisation’s risk management framework.
At this point in your risk management framework journey, you’ve evaluated your framework and you’ve determined that you need to make some improvements to it. This is the final component to the risk management framework, and it allows you to hone your framework to address your risk concerns in the most effective and robust way possible.
In doing so, adaptation and continual improvement are key. Adaptation is particularly useful for making practical changes to your framework’s current state, and continual improvement is useful for identifying whether or not those adaptations resonate with your organisation’s broader needs. This is achieved through considering the suitability, adequacy, effectiveness, and strength of integration that any proposed improvements present. When your organisation is satisfied to this end, it needs to effectively implement those improvements. We’ll look at each of these elements in more detail below.
Adaptation
At its core, improvements to your risk management framework are centred around adapting it to the changing wants and needs of your organisation. These factors are predominantly internal, and can be made in response to things like suggestions or recommendations from your risk management team, or even where there has been a change to your organisation’s strategic objectives regarding risk.
These internal factors are not the only influencing factors; there are also a number of external factors which may warrant framework improvement. An example could be a change in regulatory requirements. Such a change may require your framework to be adapted in order to ensure compliance with those new regulations.
To keep on top of any internal or external demand changes, you need to be continually monitoring your organisation and its environment. Failure to do so may render your framework ineffective and irrelevant. On top of continually monitoring these demand changes, you also need to be continually monitoring their impact on your risk management framework. Doing so will enable you to identify any shortfalls, which then requires you to design adaptations to overcome those shortfalls.
As your organisation maintains its ability to adapt its framework to the changing demands of internal and external factors, it will be able to both maintain and improve your organisation’s value. This protection and generation of value is related to productivity retained in the absence of workplace accidents, for example, of which helps to maintain your organisational reputation. Matters such as these are intrinsically linked to your organisation’s value.
Continual improvement
Adaptation of your risk management framework should not be a one off event. It should be an ongoing activity which is otherwise known as continual improvement. When approaching the continual improvement of your risk management framework, there are four key factors to consider. These include its suitability, its adequacy, its effectiveness, and its integration. We’ll look at these in a little more detail below:
- Suitability
Suitability relates to whether or not your proposed improvements are actually appropriate and address the wants and needs of your organisation. A good place to start when assessing the suitability of an improvement is to consider whether it aligns with your organisation’s strategic risk objectives, and whether or not it’s actually relevant to overcoming the issue you’ve identified. If the improvement doesn’t fit these considerations, you will need to redesign it to better serve your organisation’s risk needs.
- Adequacy
Adequacy relates to whether or not your proposed improvements are satisfactory for the issue it is trying to improve. This relates to the suitability consideration; if your proposed improvement doesn’t completely address the issue you’re trying to overcome, this is an important step for identifying how it is inadequate, as well as how you can overcome that inadequacy by improving your proposal. The threshold for whether or not a proposal is adequate is really a mix of common sense. A valuable way to validate your common sense here is to talk with your risk team and relevant staff working with the risk you’re trying to improve.
- Effectiveness
Effectiveness relates to the degree to which your proposed improvements are successful in improving the issue you have identified. This links back to the adequacy consideration; even if you have designed a strategy which is adequate to addressing the issue you’ve identified, this doesn’t necessarily mean that it will be effective at overcoming that issue. When considering the factor of effectiveness, it can be useful to identify what an effective solution actually looks like to your organisation. You may like to start with a goal for doing so, such as a decrease in workplace accidents as a result of the use of a particular piece of machinery, as an example.
- Integration
Integration relates to how well your proposed improvements unify your overall risk management framework. You’ll need to consider how well your improvements align with the rest of your framework, and if it doesn’t align well, you need to improve it. It can be useful when assessing integration to first begin with the improvement you’re proposing, and then to consider it in the context of your broader organisational framework in a more holistic sense.
Addressing these four factors will allow you to identify and refine any gaps or opportunities for improvement, which you will then need to implement.
Implementing improvements
With the support of upper management, you will need to create an implementation plan which effectively outlines how you’re going to implement the improvements to your risk management framework.
This plan will need to include things like schedule and tasks required to ensure implementation. Your schedule may include something to the effect of a Gantt chart for implementation, and tasks may include the regular review of the implementation process in accordance with that Gantt chart.
In ensuring that these activities are actually achieved however, it is critical that you properly assign an individual or a team to be responsible for its implementation. This links back to the role of accountability that we’ve commented on throughout our previous articles, and especially how it links to integration of your framework.
Ultimately, once your designated team has effectively achieved the requirements of your implementation plan, these improvements should continue to contribute to an effective, enhanced, and robust risk management framework.
Conclusion
As you now know, improvement is a critical component to ensuring that your risk management framework remains relevant and effective. As part of that improvement process, we’ve touched on how adaptation is necessary to address any internal or external demands, and how meeting those demands can maintain and improve the value of your organisation.
We’ve also touched on the importance of continual improvement to your framework and how it responds to adaptation. As part of this, we addressed the four key considerations of suitability, adequacy, effectiveness, and integration and how they can be used to inform improvements to your framework.
To this end, effective adaptation and continual improvement will require you to create and assign plans and tasks to ensure the effective implementation of improvements to your risk management framework.
If you have any stories – good or bad – about how you’ve improved your risk management framework I would love to hear them.
If you’re looking to improve your risk management framework and would like some guidance or a conversation to help you on your journey, please contact me. I’m more than happy to guide you