Risk management challenges #5: Escalation of identified risks to high level management
As a risk management coach, I see first-hand some of the challenges organisations have when it comes to risk management. Many of the challenges are recurring and seem to be present regardless of times and trends. Other challenges come with changes in standards and expectations from stakeholders.
Imagine that you lead in a project department in a large company. You and your team run frequent risk meetings and pride yourselves in integrating risk management in your projects, and to never make any significant decision without evaluating risk as part of the process.
On occasion, you identify risks that may impact your company rather than only your projects, or you find risks that have a potentially higher impact than what your project resources can handle. What do you do? How do you escalate these risks to the right level in your organisation? And how do you ensure that your team understands when and why certain risks should be escalated from the department and to high level management?
To identify risk is really to identify areas of uncertainty. That a risk is identified does not mean that it will happen, nor that it will not happen. Notifying management about uncertainties and assumptions may feel unpleasant. We all want to appear as if we are in control. Escalating risks to higher management is in a sense the opposite of showing you have control. It communicates a message of don’t knowing and a need for help and attention from a group of executives that most probably has other, possibly more important matters to attend to. However, escalation of a risk to high level management might be the only way high level management will learn about a risk before it is be too late.
Based on my experience risk escalation works best when these factors are in place:
The culture is generally open
The culture encourages sharing of information across departments and organisational levels
Risk is on the agenda in all levels of an organisation
High level management acknowledges that risk management processes on all levels are source of valuable information, relevant to decision making
Employees and mid-level leaders understands that they may be sitting on the only source of information about a risk
Attention is given to how risks are communicated (format, length, language, etc.)
High level management routinely offers a thank you for every risk that is escalated
I am sure you can recognise my focus points, yet you may very well have different perspectives and different experiences. My focus points are based on the experiences I have, and the organisations I’ve been part of, as well as my own personal preferences. Your perspective has equally been developed during your years of experience in the field, your background and the cultures you have been working in.
I would love to discuss matters such as this in the Mastermind session I am hosting in Alicante from 22nd to 25th of May: Risk-based thinking, for quality and risk management professionals.
Each participant will bring one specific challenge they have to the table, and during the four days we will work hard to collectively infuse our peers with new thoughts, support their current approaches and/or give them alternative methods to solve their challenges. The goal is that each participant can go home with a well proven plan for handling challenges they’ve brought to the table during the Mastermind session. The expected bonus is that we all end up with a widened perspective on how we conduct our work and how we can improve our value for our organisations.
This is my fifth post about risk management challenges. In each post, I have been discussing different challenges related to risk management. Until 31st of March I grant a 10% discount on the Mastermind, or on any of my risk management coaching services.