How does your organisation deal with ( important) risks? How do you achieve meaningful risk management? To these questions, experts Martin van Staveren (Consultant, lecturer, author and speaker), Jochem Sluis (Expert Integral Risk Management, AethiQs) and Marieke Kessels (CEO, Infoland and with a PhD on the subject of risk management) answered during the first Infoland Executive Event. With this new initiative, we aim to share knowledge with experts in the field. In this article, you will get a sneak preview of the session as well as read the most important tips on risk management that you can already get started with.
Risk management. Every professional organisation has to deal with it and relies on a strong, integral policy around risk management from a large number of processes. In recent years, risk management has become a dynamic and complex process, partly due to digital and social developments. How do you achieve a clear vision when it comes to risk management in your organisation? For this, we need to go back to basics: because what is a risk anyway? Martin: “A good definition of ‘risk’ is that it is an uncertain event that impacts a business objective. The latter is incredibly important – it can be about value, wellbeing, health. The uncertainty affecting the goal has two sides: the negative side is the risk, the positive side is the opportunity. The latter is unfortunately often forgotten.”
An example of why risk management is important is Philips’ sleep apnoea issue. In June 2021, Philips announced that there might be something wrong with some of its sleep apnoea devices. The foam in the devices could crumble, after which people could inhale it. Harmful gases could also be released. Philips apparently knew since 2016 that better foam was available for the devices, but it then took five years for the company to act. Philips eventually had to withdraw millions of devices after serious health complaints. The US FDA reported 346 deaths (April 2023) linked to the devices.
This example shows what the consequences can be of mistakes, anywhere in the process. Multiple incidents at Philips have resulted in fatalities and the loss of many jobs. The Philips example is extreme, but every organisation faces risks. Marieke: “For Infoland, for example, everything to do with information security and data safety is very important. We take our responsibility in this and make sure our customers’ data is safe in our cloud solution. In addition, not finding employees in time to realise the company’s growth could be a risk for Infoland.”
Risk management has developed enormously in recent years. This is not surprising when we look at developments in the world: just think of the global corona pandemic, for example, but also changing political climates. We live in a ‘VUCA world‘, a rapidly changing world characterised by a high degree of uncertainty and complexity. The four letters in the acronym stand for:
The world is changing faster and faster, and small factors have increasingly large impacts and complex consequences. “So risk management in today’s era is dynamic and encompasses all kinds of facets. It still ranges from thinking about risks at a high strategic level, to making specific what the risks are within a project,” Marieke explains. “Basically, it is about equal perception on that and explicitly stating the risk appetite. You also have to understand that that cannot always be the same for everyone in your organisation. I think it is very important to include that in the dialogue you have and in the communication to colleagues and externals.”
It is not surprising that directors of organisations sometimes lie awake wondering: ‘Do I even understand the key risks of my organisation?’ According to Martin, this is an idea that leaders need to let go of. “That may sound strange, but the VUCA world is a complex, uncertain world. We cannot predict everything, even if we sometimes think we can. I think you sleep better as a director if you resign yourself to the fact that, on the one hand, you identify the risks as best you can, but also realise that the your organisation can take a beating. Your organisation is resilient and flexible enough to cope with unexpected shocks.”
Directors can usually list their organisation’s key risks. The key is to work with people within the organisation to understand what you really care about. What are the relevant risks when it comes to your organisation’s right to exist, continuity and credibility? Jochem: “In my view, risk inspiration is therefore more important than risk administration. Administration is necessary to make things demonstrable, but make sure you take your colleagues along in what is important. Inspire each other and keep each other on their toes.”
But how do you make sure you embrace uncertainty, but keep continuous dialogue with each other? Jochem: “You need to know how you look at risk and how other people in your organisation are in the game. Also think about how you want to communicate that to the rest of the organisation. How do you deal with risk awareness? The trick is to create more awareness.”
One of the skills of good risk leadership is being able to deal with conflicting goals. Think about the example of Philips – where on the one hand it is about quality and safety, but on the other hand it is a commercial company that has to think about profits, reputation and so on. “Dealing with those clashing values and the perceptions that go with them should be on the agenda in the boardroom. Risk management is not something that should lie solely with the risk manager. You often see that he or she does have insight into the risks, but it appears on the board’s agenda twice a year. Breaking that pattern and putting it structurally on the agenda is very important,” Martin says.