We practice risk management at home every day
Whether or not we identify it as such, we engage in risk management every day. We lock our doors when we go out, as we don’t want uninvited people in our home when we’re away. If we take a vacation or travel for business, we ensure accessible windows are also closed and locked, for the same reason. We may also have a house sitter, security systems, or doorbell cameras in place.
While none of these measures is a guarantee against home intrusions, each of them helps to reduce the likelihood of such events. In other words, we’re managing those risks. We also mitigate those risks by purchasing home insurance. That way, if our home was damaged or some of our belongings were stolen during a break-in, we would have financial support in recovering from such losses.
Risk management on the home front isn’t entirely about potential burglaries, which I hope never happens to you. We have screens on our windows to reduce the possibility of flies or other creatures coming in through our windows. When we head out on our vacations, we may invest in some of those “plant nanny” water bottle drip systems or we give a key to a trusted neighbor or friend who’ll do the watering for us.
What about your planters, garden beds, or vegetable garden? Again, you may have a terrific neighbor who helps out. Others rely on underground irrigation systems to help our plants thrive while we’re away.
When we take these proactive steps, we’re thinking not only about preventing our plants from dying; we’re also thinking about the rewards associated with taking care of them. If you’re a veggie gardener, you may be looking forward to the delicious salads and produce you’ll be able to enjoy once you return. When it comes to planters and floral garden beds, we look forward to the reward of enjoying the sights and scents of all those flowers we love. We identify, assess, and manage risks for three reasons.
We engage in risk management for three reasons
We identify and manage those risks (by locking our doors) and we also strive to mitigate them (by having home/property insurance), because we value the reward – our long-planned and much-needed holiday!
Risk Management at Work
Whether our work is hybrid, remote, or entirely back in the office, we also practice risk management in our careers. We use passwords or otherwise secure access to our smartphones. Phone passwords represent just one example; just think of all the passwords you need to remember! In an era when cybercrime is rampant, there are reputational, legal, and financial risks associated with cyber breaches. We also secure our wallets or purses and confidential documents in locked cabinets.
We know the assistant career has evolved over time, and the pace of change in our world continues to escalate. Who knew three years ago just how relevant it would be to be conversant with multiple digital meeting platforms? Artificial intelligence (AI) and pandemic-driven changes to how our workplaces function both contribute to the risk that the skills that helped land us our current roles may not be sufficient to thrive in the career long term. We manage that risk by committing to ongoing professional development that helps us update and elevate existing skills as well as develop new ones. We engage in learning because it’s stimulating, yet it also serves as a form of risk management – so we have both risk management and potential rewards when we invest time in ongoing learning. Those rewards may take the form of additional recognition or compensation, or career growth.
Employers practice risk management, on a different scale
Astute management teams actively engage in risk management, and astute boards provide oversight of risk management. After all, to paraphrase the poet Robbie Burns, the best-laid plans of executives and boards – no matter how skilled and informed they may be – can go awry. Consider the state of supply chain management in 2022, and the challenges procurement colleagues have faced; it’s fraught with risks.
When it comes to risk management, employers need to identify, assess and mitigate threats to their organizations. This means anticipating what may not progress as anticipated, and then identifying and taking steps to reduce that uncertainty to a level deemed tolerable.
In considering opportunities, employers will weigh in risks before proceeding with a plan – whether that opportunity involves an expansion of services, capital construction or renovation, the introduction of new technology or marketing, or any of a myriad of initiatives.
In order to manage risks and leverage opportunities, management teams will identify risks by category: strategic, operational, financial, environmental, reputational, and legal/compliance. Management will create and routinely update risk registers, identifying mitigation strategies, changes in risk levels, and so on. Heat maps, which are graphic representations of risks, are also used to concisely communicate risks.
Failing to prepare can mean preparing to fail
Management teams and boards will discuss, debate, and make opportunity- and risk-related decisions based on an organization’s risk appetite and tolerance. They also need to identify risk responses – the process of selecting and then implementing measures in response to a given risk. For example, internal controls are one means of responding to the risk that threat actors (criminals) may send realistic-looking yet fraudulent information to an organization’s Accounts Payable staff.
There have been instances in which cybercriminals have digitally impersonated legitimate vendors, and sent emails communicating a change of banking information for electronic fund transfers (EFTs/payment) related to upcoming invoices. Building internal control to respond to this type of risk can be as simple as having someone at a supervisor or management level review all financial institution/vendor change requests prior to acting on them.
Top-down and Bottom-up
As an organization gains maturity in its risk management practices, it will engage in what’s known as enterprise risk management (ERM). This is a strategic and comprehensive approach to identifying, assessing, communicating, and managing risk exposures. It’s also ongoing and ideally normalized within an organization. While it’s the management team and (where one is in place) board that manage and oversee risk management, ERM is ideally not solely a top-down endeavor.
An organization’s risk culture benefits when people at all levels of the organizational (org) chart have a general understanding of risk management and their employer’s risk management practices. That risk culture is healthier when people across the organization are empowered to identify risks that may not be visible from high atop the org chart. That can be as simple as identifying weaknesses within a certain operational practice and identifying it to one’s principal (boss).
There’s another bonus when we elevate our understanding of risk management. These insights can help us recognize business decisions as just that, and not necessarily reflections on us or our abilities. If you were to ask accounts, and payable staff who’ve fallen prey to fraudsters’ emails whether they would have appreciated internal controls that required approvals prior to updating a vendor’s financial institution information, you know they’d respond with a resounding “Yes!”
About the Author: Shelagh Donnelly educates and inspires assistants on topics ranging from meetings and minutes to communications, resilience, cybersecurity, and working with boards. She helps assistants nurture their adaptability, productivity, and resilience in order to enjoy their career and continue to add value even as roles evolve. An international speaker, Shelagh worked with C-level executives for more than 25 years and is recognized for her governance expertise. Shelagh founded her globally read Exceptional EA website in 2013.