The Do's and Don'ts of Risk Management DIY

May 2009 Issue

By Diana Del Bel Belluz, M.A.Sc., P.Eng.

If you are a fan of home renovation shows, you will know that DIY stands for 'Do-It-Yourself'. Those shows often feature horror stories of people who have tried to do their own renovations because they thought they could easily figure it out on their own and save some money by going the DIY route. Instead of ending up with their dream home, many do-it-yourselfers never complete the job or make costly mistakes that render their homes ugly, uncomfortable, unlivable or unsafe.

There are many parallels between home renovation DIY and risk management DIY. For instance, there are some things the organization must do itself, while other tasks require specialized knowledge or experience that you may not have in-house.

The risk of starring in your own DIY nightmare can be high if you ignore these do's and don'ts for the risk management do-it-yourselfer.

DO'S

#1 - Set inspiring objectives.

Know what you want to achieve and why your organization is implementing risk management. It's important that the what and the why are things that will motivate people to embrace the change process. Because they know your organization better than any external advisor and because they are ultimately accountable for achieving them, your leadership team has to set the objectives.

#2 - Assess your current status.

Many tools exist to do just this. You will likely want to adapt them to your situation. However, once you decide on one, stick with it, so that you have a constant yardstick against which to measure your progress. This is key to demonstrating the on-going value that your program is providing.

#3 - Consult the 'code'.

If you've seen TV's celebrity contractor Mike Holmes, you'll know how frustrated he gets when he inspects a house that has flaws that could have been completely avoided if only the builder or DIY renovator had followed the building code.

Building codes describe expected practices that are based on experience - both good and bad. They set minimum standards and help to avoid repeating the mistakes of the past.

The equivalent of building codes exists in the form of risk management standards and guidance materials. Before you design or enhance your risk management program, consult one or more of the available risk management 'codes' to ensure you are following best practices. Examples include:

  • International and national standards organizations, e.g., ISO 31000, AUS-NZ 4360;
  • Professional associations, e.g., COSO, IIA, RIMS; and
  • Governance bodies for economic sectors, e.g., the Basel Accords for financial institutions, the Treasury Board Secretariat’s risk guidelines for Canadian government departments.


#4 - Map out a path.

This is the strategy and comprehensive plan that sets out how you will implement risk management, what steps you will take and who will do them. Having and communicating a plan is essential for overcoming the 'rational' resistance you will face. (For more on overcoming resistance, see the July 2008 issue).

Make sure your plan is reasonable given the other priorities and constraints at your organization. Keep the plan simple. A simple plan is easier to communicate and to update when you inevitably hit a roadblock.

If you need to develop or update your implementation plan, Risk Wise offers a Risk Management Jump Start session that helps risk management leaders clarify their long term visions for their programs, identify key milestones for the coming year, and quickly develop a 90-day 'next step' action plan that will support their long-term goals. 

#5 - Cross train.

To successfully implement risk management you need to be well versed in the technical aspects of risk and highly skilled in organizational change management. Many risk management leaders are undermined because they are weak in one of these essential competencies.

It is common for do-it-yourselfers with deep risk knowledge to enthusiastically begin their risk management journey by creating a framework. But their program stalls when they can't get people to buy in. Their plans get bogged down as managers pay attention to 'other' priorities and crises of the day. The risk management framework alone is not enough. Why? Risk management programs limp along unless you actively work to instill a risk management mindset in your firm.

Do-it-yourselfers who don't provide their organization with strong risk expertise typically develop ineffective and overly simplistic risk tools. A lack of technical knowledge and skill often leads to the development of overly simplistic analytics that don't provide the full power of risk thinking.

If you don't have both risk and change management skills in-house, get help from outside. For example, Risk Wise offers the Risk Management 'Personal Trainer' program to help risk management leaders bridge their skills and experience gaps. This program is helpful for:

  • People who are new to the field of risk and want to get up to speed quickly
  • Risk professionals who want to hone their change management skills.


DON'TS

A) Don't expect a consultant to do it for you.

An external advisor can provide advice and support. However, your executive management team (and you) must lead the implementation initiative.

That leadership must be highly visible in terms of how they speak about risk management and, more importantly, in what they do. Beware that if you do not lead by example, people will see there is a lack of commitment and they will not buy in.

B) Don't work in a vacuum.

If you haven't previously designed or implemented a risk management program, you are heading into dangerous DIY territory. Avoid the pitfalls that stymie do-it-yourselfers.

Seek the advice of experienced industry peers or risk management professionals who've been there. If you don't know who your industry peers are, expand your risk management network by attending courses, networking events and conferences. Enhance your risk management knowledge with the many publications that are available on the topic. (This month's Bonus Resource lists sources of emerging risk thinking that are available on-line for free.)

*

The Risk Wise bottom line ...

All successful risk management leaders know what they can and must do internally versus where they need to get expert advice. What actions can you take to heed the DIY do's and don'ts in this article and ensure your risk management program is robust and embraced by your people?

*

To explore how your organization can avoid a DIY nightmare and successfully implement risk management, contact Diana Del Bel Belluz at Risk Wise: (416) 214.7598
