Column: Risk Management

Framing Success

By: | September 14, 2015

Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at [email protected].

If little goes wrong at your organization, does it mean you have good risk management? Or are you extremely lucky?

When is something a preventable incident, and when is it an accident?

Furthermore, what do we consider an accident anyway? We use all these terms so interchangeably that often I wonder if it is really worth making a distinction between them. Terms used to describe luck, risk, incidents and accidents include the words unexpected, unforeseen, unintended, uncontrolled and chance. I’ve even read that an accident can be deemed a chance event without an apparent cause.

Effective risk management should be evaluated by measuring the effort it took to try to achieve the spirit of risk management.

All this makes a risk manager’s head shake. If it’s all about luck and chance, why bother with risk management efforts at all?

I recently was part of a vivid conversation. A group was lauding their risk management successes because nothing of real significance had befallen their organization for the past few years. Any incidents were minor in nature.

This prompted a curious debate, trying to answer the question: Why were they successful?  Or were they just lucky? Or was it success by design? I was keenly interested to hear the differing opinions and views.

Some felt it was just luck and the right environment for little risk; others felt that maybe the risk management was overly engineered so it was impossible for anything to go wrong. The remainder felt we right-sized our risk management effort. Who’s right?

It’s a question I feel still plagues us as an industry. We struggle to clearly measure the impacts of good risk management. In times like these, I tend to lean toward basic principles.

What is risk management again? For me, simply put, it is a decision-making practice that tries to manage possible deviations from what you are trying to achieve.

Effective risk management should be evaluated by measuring the effort it took to try to achieve the spirit of risk management.

When measuring risk management success, we should try to answer these overarching questions: Does your organization have a process that provides risk information to facilitate decision-making for optimal resource allocation so that the organization can achieve its goals?

Is the risk information sufficient, considering the authority and resources given to the risk manager? Is risk information being utilized for decisions?

Gauging risk managers’ achievements based on the number of adverse events is simply not relevant. Objectives for a risk management program need to measure how well organizations survive bumps in the road. Deterring incidents should never be considered unexpected, unforeseen, unintended. We should not count on luck.

Risk management efforts should measure how well the risk management process anticipates such derailers, and whether risk solutions are routinely designed, trained, institutionalized and rehearsed. And most importantly, are organizational goals being achieved while tolerating hindering events?

Thinking back to my recent debate, the organization’s success seemed to be by design. Risk solutions were right-sized, designed, trained and rehearsed.

The organization’s activities were not incident-free, but they were resilient enough to tolerate setbacks. The group stayed on track to deliver on their objectives for which they are now receiving acclaim. They achieved their organizational goals, and risk management was pivotal to getting them there.

More from Risk & Insurance