The way your organization handles risk is indicative of its risk culture. Is risk management something that’s embedded in your company’s mindset, or something that only comes up when a crisis occurs? Is it something your company is prepared to talk about, or a topic they’d rather avoid?
Here at riskmethods, we’ve found that having a proactive risk culture—one in which risk is considered and planned for in advance, so that fast action can be taken when something does happen—is what gives our customers a leg up over their competitors. Whether it’s because they’re ready to quickly switch to another source of supply when an unexpected disaster occurs, reroute deliveries because of an impending strike or stock up on what they need before a weather event, proactivity helps our customers keep their businesses running.
But what if your organization doesn’t have a proactive risk culture? Good news: You can change this. And you can do it with a single meeting. The next time a risk event occurs, schedule a post-mortem. Get all the departments who were impacted represented in a room, and break down what happened.
These are the questions you’re going to want to ask:
- What was the risk event? For example: One of our suppliers declared force majeure.
- How did we learn about the risk event? For example: Our supplier notified us.
- When did we learn about the risk event? For example: 3 days after it occurred.
- What were the qualitative effects of the risk event? For example: We didn’t get our goods delivered on time. We had production downtime. We had to put some of our products on backorder.
- What was the quantitative effect of the risk event? For example: We lost $300,000 in revenue.
- And the last, most important question: How could we have avoided this?
Every organization is different, and might have additional pieces of information they want gathered during their risk event post-mortem, but these questions are core, and should form the basis of the discussion. If you need to change your company’s risk culture from reactive to proactive, this meeting is a great way to start, because it makes the negative impact of risk real and concrete to all stakeholders. (Even if you don’t need to change your risk culture, these meetings are absolutely necessary. They help the organization come together to understand what went wrong, and create an opportunity to discuss potential solutions.)
“That’s it?” you might be thinking right now. “This one meeting is going to inspire my organization to become more proactive about risk?” Well, if you don’t believe me, give it a try. Because here’s the facts: No one wants to be in this meeting. No one wants to have to quantify the damage that occurred as the result of a risk event. And really no one wants to think about how—with a little more proactivity—the problem might have been avoided in the first place. Once you force them to face the consequences of a risk event in this type of meeting, you’re very likely going to see a change in their attitude, and quickly. They’re going to want to be much more proactive—so that they don’t have to come to these meetings in the first place.
When you have a centralized process for talking about risk, and when you create an environment where your organization can clearly see its effects, no one is going to be able to ignore the problem anymore. And if they can’t ignore the problem, then you better believe that they’re going to be motivated to fix it.