How to Change Your Risk Culture with a Single Meeting

The Resilient Enterprise | The riskmethods Blog

A company with a proactive risk culture recognizes that risk is inevitable and accepts that some advance measures are necessary to mitigate its effects. A company with a reactive risk culture is one that only deals with risk once it actually occurs. So what’s the risk culture at your company—and how can you change it?

The way your organization handles risk is indicative of its risk culture. Is risk management something that’s embedded in your company’s mindset, or something that only comes up when a crisis occurs? Is it something your company is prepared to talk about, or a topic they’d rather avoid?

Benefits of having a proactive risk culture

Here at riskmethods, we’ve found that having a proactive risk culture—one in which risk is considered and planned for in advance, so that fast action can be taken when something does happen—is what gives our customers a leg up over their competitors. Whether it’s because they’re ready to quickly switch to another source of supply when an unexpected disaster occurs, reroute deliveries because of an impending strike or stock up on what they need before a weather event, proactivity helps our customers keep their businesses running.

Want an example of what proactive risk mitigation looks like? Check out a day in the life of a risk-aware procurement organization.

6 questions to ask while changing your company risk culture

But what if your organization doesn’t have a proactive risk culture? Good news: You can change this. And you can do it with a single meeting. The next time a risk event occurs, schedule a post-mortem. Get all the departments who were impacted represented in a room, and break down what happened.

These are the questions you’re going to want to ask:

  • What was the risk event? For example: One of our suppliers declared force majeure.
  • How did we learn about the risk event? For example: Our supplier notified us.
  • When did we learn about the risk event? For example: 3 days after it occurred.
  • What were the qualitative effects of the risk event? For example: We didn’t get our goods delivered on time. We had production downtime. We had to put some of our products on backorder.
  • What was the quantitative effect of the risk event? For example: We lost $300,000 in revenue.
  • And the last, most important question: How could we have avoided this?

Every organization is different, and might have additional pieces of information they want gathered during their risk event post-mortem, but these questions are core, and should form the basis of the discussion. If you need to change your company’s risk culture from reactive to proactive, this meeting is a great way to start, because it makes the negative impact of risk real and concrete to all stakeholders. (Even if you don’t need to change your risk culture, these meetings are absolutely necessary. They help the organization come together to understand what went wrong, and create an opportunity to discuss potential solutions.)

Proactive risk culture in your company: final thoughts

“That’s it?” you might be thinking right now. “This one meeting is going to inspire my organization to become more proactive about risk?” Well, if you don’t believe me, give it a try. Because here’s the facts: No one wants to be in this meeting. No one wants to have to quantify the damage that occurred as the result of a risk event. And really no one wants to think about how—with a little more proactivity—the problem might have been avoided in the first place. Once you force them to face the consequences of a risk event in this type of meeting, you’re very likely going to see a change in their attitude, and quickly. They’re going to want to be much more proactive—so that they don’t have to come to these meetings in the first place.

Want more tips on building the business case for a proactive risk culture? Here’s our 5-step guide.

When you have a centralized process for talking about risk, and when you create an environment where your organization can clearly see its effects, no one is going to be able to ignore the problem anymore. And if they can’t ignore the problem, then you better believe that they’re going to be motivated to fix it.

Subscribe now to the riskmethods newsletter and never miss out on new, interesting insights!

More from The Resilient Enterprise Blog

Back to top