- Business Risk and Resilience
Too often risk management training is limited to those team members who are employed to perform roles within dedicated risk teams, such as risk managers, compliance and auditors. As the focus of operational team members is often directed to bite size reminders to raise awareness of what to be on the look out for in order to fit into an environment of competing demands, it results in limited development of foundational risk literacy. This article will explore the challenges faced by organisations with poor risk literacy and the benefits of investing in risk literacy as a foundational capability.
Challenges resulting from poor risk literacy
- Reactive risk management – broader team members will engage with risk management functions only when they absolutely must, often limited to reporting a new risk or issue. Managers of business teams will also be involved in regular risk and control self assessments, but poor engagement may be seen for those who do not have an effective and foundational risk literacy. This paradigm feeds into the perception that risk management is a barrier to progress, rather than an enabler.
- Immature risk culture – a lack of awareness relating to the purpose and structure of risk management has a flow on effect to poor risk culture as risk behaviours and discussions are not informed by a solid understanding of operational risk management. This may have the flow on effect of poor risk reporting, which reduces the completeness of aggregated risk reporting.
- Skill shortage of risk professionals – without building foundational risk literacy across a range of team members, risk management is not well understood and may result in many not seeing the value of risk as a fulfilling career path. This may present challenges to organisations in resourcing and succession planning.
- Limited capacity for continuous improvement – change management efforts are made more difficult when organisations undertake risk transformation projects as foundational risk management knowledge often needs to be established as part of the introduction of overall changes resulting from continuous improvement.
Key benefits of investing in risk literacy
- Positive engagement with risk management – increased risk literacy empowers team members to be active participants in the risk management of their organisation. This supports the philosophy of everyone in an organisation playing an important role in the governance practices required in operational risk, including providing feedback on the risk management protocols. This includes engaging in constructive discussions following the identification of issues or when an incident has occurred. Leaning into a learning and continual improvement focussed risk management attitude.
- Building a positive and strong risk culture – a foundational level of risk literacy across an organisation enables all staff to understand the role that they have to play in risk management, including the accountabilities. It helps to reinforce expected behaviours of those responsible to take action in response to risks, incidents and issues being raised.
- Improving risk informed decision making – improved risk data can reasonably be expected as a result of the positive engagement that effective risk literacy may bring to an organisation. An uplift in aggregated data helps to deepen and clarify the view of the organisation’s risk profile, thereby enabling improvements in decisions made.
Within the field of risk management, we are focussed on effectively identifying and managing risk so that operational activities are within the risk appetite set by the Board, including pursuing of opportunities, and major incidents are avoided. To enable this, investment in building a foundation in risk literacy is critical to empower all members of an organisation to play a strong role in its governance. Seeking out opportunities to improve foundational risk literacy within teams across the organisation can occur through a variety of forums, from training to discussing risk in team meetings to reporting on control effectiveness to teams as well as management. By promoting the value of risk literacy, and risk management more broadly, organisations will enable an effective risk culture, build strong risk capabilities at all levels and ultimately achieve effective, risk informed decisions.