Risk identification – facing up to awkward risks


“We’re about to be splashed across the trade press for protecting sexual predators!” the head of marketing said, storming into your office wrapped in panic. You sit her down, make a strong cup of tea, and try to find out a bit more.

An imminent media crisis is about to engulf your company. Numerous former employees have come forward with allegations of harassment against a former chairman of your company. The employees even have records of complaints made against the chairman that were brushed under the carpet. It turns out his behaviour was an open secret for years. Not only did the leadership fail to act, they just threw a gala dinner in honour of his retirement after a lifetime at the company.

The tea’s gone cold, and you both head out for a strong drink.

This is known as an “awkward risk”: something everyone knows about but is reluctant to raise. The reluctance might come from fear of being accused of causing a fuss, or from worry about being the bearer of bad news management doesn’t want to hear. Risks can grow malignant and intransigent when people are too afraid to face them head on. Further, risk around people and culture can be the most dangerous of all.

Yet as a risk manager, you have a responsibility to ensure that these types of risks are surfaced so that they can be recognised and managed effectively. How is it possible to identify these risks without alienating the people who need to share this information?

How to raise the issue of awkward risks

One of the ways these types of risks can be raised in a safe way is to invite people to share them as part of the risk identification process. In our experience, using an anonymous survey to reach a broad and diverse group of people across your organisation can give a voice to those who would ordinarily lack confidence in raising issues that many might find controversial.

While reviewing your responses to the survey, you may decide that some of these types of uncomfortable truths need to be discussed so that you can review the facts and mitigate the associated risks.

Identifying and mitigating awkward risks

By proactively identifying and managing your more sensitive or awkward risks, you can help to avoid managing a crisis later and ensure that your organisation is more resilient. In short, better to grab the bull by the horns than be trampled underfoot.

We will be discussing how to highlight these types of risks in our risk identification masterclass on 17 October. The interactive session is geared towards helping those responsible for risk management at their organisation. Delegates will be presented with the latest and most effective risk identification methods that will assist them in obtaining a 360° view of risk in their organisation.

How are you managing your GDPR compliance requirements?

GDPR placed a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented, and Data Protection Impact Assessments (DPIAs) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of euros.
