The House of Risk
Let me share a metaphor that illustrates my thinking about risk management – and how many only practice it partially.
Imagine a house.
On a regular basis, inspections are conducted to identify, assess, evaluate, and treat conditions found around the home.
- The cleanliness of the home is inspected and action taken to clean carpets, and so on
- Termite inspections are performed, as well as inspections for other pests
- The condition of equipment is checked, such as the filters and vents for the heating/air conditioning system, the safety of the electrical wiring, the condition of the plumbing system, and so on
- The cars are checked for fuel and oil levels, tire and brake condition, and so on
- The insurance policies are updated as needed, and emergency supplies are verified
A report is provided to and reviewed with the homeowners, who decide whether to make any repairs or other corrective actions.
That all sounds good. It is somewhat analogous to the traditional risk management activity, where risks to objectives are assessed, reports are reviewed with senior management and the board, and actions taken where the ‘risks’ are outside desired boundaries.
But is it enough?
Imagine the same house.
It is a place where people live. The family that resides there is changing the condition of the house all the time, using the equipment and possibly breaking it, cooking and possibly leaving crumbs around to attract pests, leaving toys on the stairs, making a ruckus and annoying neighbors, and so on.
People in the house are making decisions and taking actions that create or modify risk.
Risk needs to be understood and an integral part of the decisions made by the residents, whether grandparents or grandchildren.
So what am I saying?
The management of risk entails both periodic inspections and continuous practice.
Does your organization both inspect the house and live safely in it?
I welcome your comments.
Join me for a discussion about effective risk management. Details of webinars and in-person events are at RiskReimagined.com.
You can also read World-Class Risk Management.