Risk management challenges #5: Escalation of identified risks to high level management
As a risk management coach, I see first-hand some of the challenges organisations have when it comes to risk management. Many of the challenges are recurring and seem to be present regardless of times and trends. Other challenges come with changes in standards and expectations from stakeholders.
Imagine that you lead in a project department in a large company. You and your team run frequent risk meetings and pride yourselves in integrating risk management in your projects, and to never make any significant decision without evaluating risk as part of the process.
On occasion, you identify risks that may impact your company rather than only your projects, or you find risks that have a potentially higher impact than what your project resources can handle. What do you do? How do you escalate these risks to the right level in your organisation? And how do you ensure that your team understands when and why certain risks should be escalated from the department and to high level management?
To identify risk is really to identify areas of uncertainty. That a risk is identified does not mean that it will happen, nor that it will not happen. Notifying management about uncertainties and assumptions may feel unpleasant. We all want to appear as if we are in control. Escalating risks to higher management is in a sense the opposite of showing you have control. It communicates a message of don’t knowing and a need for help and attention from a group of executives that most probably has other, possibly more important matters to attend to. However, escalation of a risk to high level management might be the only way high level management will learn about a risk before it is be too late.
Based on my experience risk escalation works best when these factors are in place:
The culture is generally open
The culture encourages sharing of information across departments and organisational levels
Risk is on the agenda in all levels of an organisation
High level management acknowledges that risk management processes on all levels are source of valuable information, relevant to decision making
Employees and mid-lev