The Do's and Don'ts of Risk Management DIY

May 2009 Issue

By Diana Del Bel Belluz, M.A.Sc., P.Eng.

If you are a fan of home renovation shows, you will know that DIY stands for 'Do-It-Yourself'. Those shows often feature horror stories of people who have tried to do their own renovations because they thought they could easily figure it out on their own and save some money by going the DIY route. Instead of ending up with their dream home, many do-it-yourselfers never complete the job or make costly mistakes that render their homes ugly, uncomfortable, unlivable or unsafe.

There are many parallels between home renovation DIY and risk management DIY. For instance, there are some things the organization must do itself, while other tasks require specialized knowledge or experience that you may not have in-house.

The risk of starring in your own DIY nightmare can be high if you ignore these do's and don'ts for the risk management do-it-yourselfer.


#1 - Set inspiring objectives.

Know what you want to achieve and why your organization is implementing risk management. It's important that the what and the why are things that will motivate people to embrace the change process. Because they know your organization better than any external advisor and because they are ultimately accountable for achieving them, your leadership team has to set the objectives.

#2 - Assess your current status.

Many tools exist to do just this. You will likely want to adapt them to your situation. However, once you decide on one, stick with it, so that you have a constant yardstick against which to measure your progress. This is key to demonstrating the on-going value that your program is providing.

#3 - Consult the 'code'.

If you've seen TV's celebrity contractor Mike Holmes, you'll know how frustrated he gets when he inspects a house that has flaws that could have been completely avoided if only the builder or DIY renovator had followed the building code.

Building codes describe expected practices that are based on experience - both good and bad. They set minimum standards and help to avoid repeating the mistakes of the past.

The equivalent of building codes exists in the form of risk management standards and guidance materials. Before you design or enhance your risk management program, consult one or more of the available risk management 'codes' to ensure you are following best practices. Examples include:

  • International and national standards organizations, e.g., ISO 31000, AUS-NZ 4360;
  • Professional associations, e.g., COSO, IIA, RIMS; and
  • Governance bodies for economic sectors, e.g., the Basel Accords for financial institutions, the Treasury Board Secretariat’s risk guidelines for Canadian government departments.

#4 - Map out a path.

This is the strategy and comprehensive plan that sets out how you will implement risk management, what steps you will take and who will do them. Having and communicating a plan is essential for overcoming the 'rational' resistance you will face. (For more on overcoming resistance, see the July 2008 issue).

Make sure your plan is reasonable given the other priorities and constraints at your organization. Keep the plan simple. A simple plan is easier to communicate and to update when you inevitably hit a roadblock.

If you need to develop or update your implementation plan, Risk Wise offers a Risk Management Jump Start session that helps risk management leaders clarify their long term visions for their programs, identify key milestones for the coming year, and quickly develop a 90-day 'next step' action plan that will support their long-term goals. 

#5 - Cross train.

To successfully implement risk management you need to be well versed in the technical aspects of risk and highly skilled in organizational change management. Many risk management leaders are undermined because they are weak in one of these essential competencies.

It is common for do-it-yourselfers with deep risk knowledge to enthusiastically begin their risk management journey by creating a framework. But their program stalls when they can't get people to buy in. Their plans get bogged down as managers pay attention to 'other' priorities and crises of the day. The risk management framework alone is not enough. Why? Risk management programs limp along unless you actively work to instill a risk management mindset in your firm.

Do-it-yourselfers who don't provide their organization with strong risk expertise typically develop ineffective and overly simplistic risk tools. A lack of technical knowledge and skill often leads to the development of overly simplistic analytics that don't provide the full power of risk thinking.

If you don't have both risk and change management skills in-house, get help from outside. For example, Risk Wise offers the Risk Management 'Personal Trainer' program to help risk management leaders bridge their skills and experience gaps. This program is helpful for:

  • People who are new to the field of risk and want to get up to speed quickly
  • Risk professionals who want to hone their change management skills.

Click to learn how the Risk Management 'Personal Trainer' one-to-one professional development sessions work.


A) Don't expect a consultant to do it for you.

An external advisor can provide advice and support. However, your executive management team (and you) must lead the implementation initiative.

That leadership must be highly visible in terms of how they speak about risk management and, more importantly, by what they do. Beware that if you do not lead by example, people will see there is a lack of commitment and they will not buy in.

B) Don't work in a vacuum.

If you haven't previously designed or implemented a risk management program, you are heading into dangerous DIY territory. Avoid the pitfalls that stymie do-it-yourselfers.

Seek the advice of experienced industry peers or risk management professionals who've been there. If you don't know who your industry peers are, expand your risk management network by attending courses, networking events and conferences. Enhance your risk management knowledge with the many publications that are available on the topic. (This month's Bonus Resource lists sources of emerging risk thinking that are available on-line for free.)


The Risk Wise bottom line ...

All successful risk management leaders know what they can and must do internally versus where they need to get expert advice. What actions can you take to heed the DIY do's and don'ts in this article and ensure your risk management program is robust and embraced by your people?


To explore how your organization can avoid a DIY nightmare and successfully implement risk management, contact Diana Del Bel Belluz at Risk Wise: (416) 214.7598

Follow the links to:

  • Read this month's Bonus Resource - 10 Sources of Emerging Thinking on Risk Management
  • Download a printable version of the entire May 2009 issue of the Risk Management Made Simple Advisory.
  • View the Article Index to access back issues of the Risk Management Made Simple Advisory.

Diana's Pick

The Neuroscience of Enterprise Risk Management (written by Diana Del Bel Belluz of Risk Wise) explores findings from the field of neuroscience and shares practical tips on how to apply them to enhance individuals' risk management thinking and implement brain-friendly ERM practices in organizations.

The article was published by The Conference Board of Canada in the Autumn 2017 issue of the journal Risk Watch.