Your Quick Guide To Managing Ethics & Compliance

The dreaded risk assessment

As I conclude a pan-African risk assessment in the healthcare sector, and start one on a fund in Southeast Asia, I must (again) remember that the words “risk” and “assessment” are about as welcome as “exploratory” and “surgery”.

The risk assessment aims to identify future threats and protect the organisation from harm. We may know this, but few others do. Many risk assessments appear as glorified audits of everything you should do or know but don’t. The risk assessment team appears armed with the dreaded poster-sized risk matrix and multicolour post-its. But when the poster case looks like a bazooka, and the post-its resemble a corkboard connecting murder victims in a docu-drama, we are figures of dread.

I am ashamed to admit, I was that person for many years. The one asking people to assign the likelihood of horrible events that they’d have to mitigate. On reflection, I might as well have asked them about all their lifestyle habits and which ones were most likely to lead to premature death, family breakdown, or termination of employment. “So, Mary, you work in sales. Do you entertain clients at nice restaurants with intimidating wine lists? How’s your liver and home life?”

Is there another way to approach risk assessments?

Yes.

Risk Matrix Image

Don’t use language like probability, likelihood, and impact or consequences as diagnostic tools. When we use a universal language (numbers), it’s easier. For instance, if I rank my chances of getting this newsletter done tonight (Wednesday) as “probable,” what does that mean? 30% chance, 90%? If I pick a number, I’d go for 80%, which is precise and useable. When we get multiple numbers, we can look at the median point.

Beyond that, I like to stick to what, who, how, when, and where questions (as outlined in the image). But in a newsletter, I’ll not go too deep here. It’s more of a webinar than an email.

Instead, I’ll end by focusing on how the “risk assessment” is messaged to participants. Rather than “Hey team, the compliance goons are coming down to grade us,” maybe go softer. “We have a risk management framework, but is it working for you? We need some of your time to tell us about any challenges you’re facing, what’s going well, and what could be better so we can do what we’re here to do: help you do your jobs, safely.”
