A Risk-Register Refresh
We just welcomed the New Year. We made our personal New Year’s resolutions. Now we are back to the workplace grind. And with the new year, we revisit corporate strategies, tactics, goals and objectives. We develop individual performance, incentive and business plans. For the risk manager it means it is time to dust off that risk register from last year and give it a good refresh.
A risk register records risks identified at the beginning and during the life of your corporate strategy. The risks are graded usually in terms of likelihood of occurrence and seriousness of impact on the corporate goal or objective. Risks are selected for treatment and plans for mitigating the risk and responsibilities of the prescribed mitigation strategies are noted.
I tend to approach the task as if I were in a giant gyroscope. I try to give myself a 360-degree view of my environment. Bring together your corporate risk council of subject matter experts to help you and ensure you all take a good look around backwards, sideways and forward.
According to Warren Buffet, “In the business world, the rear-view mirror is clearer than the windshield.” Some may argue against this statement, but I do see truth in it. The past does leave valuable clues.
Your risk register is a living document. Risks change as your business, your industry and your operating environment change. It is essential to refresh your list with any new risks and check the effectiveness of your risk treatment strategies.
So, before we note new risks for 2018, first we should take an honest look in the rear-view mirror for 2017. There is much to learn from the past and it is important to digest the lessons learned from previous years.
When looking backwards, ask yourself if you got it right in last year’s risk register. If you were off, why?
Do a post mortem. Did your register miss any risk trends? If so, how was it these risks crept up on you? What was a surprise, and what was not? What was exaggerated? What was understated?
Also, it is important to take an inventory of what did happen. Did your organization have any notable incidents, or near misses? Did you experience any regulatory changes? Any political changes? Major organizational changes?
Evaluate if last year’s risk mitigations and treatment plans worked. Which ones are still ongoing and move into the new year?
Once done looking to the past it’s time to look sideways. Look to your neighbors and competitors for new emerging risks they may be creating for you. Listen for any new industry or trade rumors. Look for upcoming trends for your industry. What are the risks posed to your organization by these trends?
Now it’s time to look forward through the windshield. Look at the corporate strategy for the year. What are the key goals? How do they differ from the year before?
Your risk register is a living document. Risks change as your business, your industry and your operating environment change. It is essential to refresh your list with any new risks and check the effectiveness of your risk treatment strategies. &