With these six steps, you demonstrate the added value of risk management (2024)

Risk management is mostly performed in the second line, whereas it should really be done in the first line. After all, the first line is responsible for identifying the risks relevant to it and controlling these risks with measures.

Awareness of risk management

The first line does not always see the importance or added value of risk management and may perceive it as bureaucratic. The fact that the first line does not experience the added value of risk management is largely due to a lack of knowledge and experience. After all, unknown makes unloved. For the implementation of risk management in the organization it is especially important to make the risk owners in the first line aware and let them learn according to the learning principle of demonstrate, participate, do it yourself to discover the added value of risk management.

Avoid 'floating' risks

The implementation of risk management first requires a clear structure of goals, processesand owners. Risks should always have a direct relationship with a goal, process or project (we call this the 'context' of the risk). If a risk is not directly related to a goal, process, project or standard, etc., then a list of 'floating' risks arises whose added value can indeed be questioned. After all, a manager or director only wants to deal with risks that actually threaten his goal or could disrupt the process.

Increase knowledge and experience

The pitfall for the implementation of risk management is that 'department managers' are often asked to name their risks, but rarely receive proper feedback. When gaining knowledge about risk management, it is not primarily about quantity but about quality. Instead of immediately drawing up an entire risk profile that is only discussed to a limited extent, it is advisable to have each manager thoroughly explore one risk and to give extensive feedback on it. By deepening I mean mapping out the risk event, including the causes and consequences. Subsequently, measures can be devised on the causes and consequences to reduce the risk. After all, if you go to the doctor with a complaint, you also want him to investigate the cause and prescribe the right medicine, instead of sending you home with a paracetamol.

The Six Steps

To achieve the above, I list six steps below that can help to effectively draw attention to risk management in primary care and increase knowledge and experience:

1) Structure: Laying the foundation for first-line risk profile (relationship with goals and activities determines who is responsible for what)

This component is the basis for effective risk management. By working from the context, the maturity level will also grow. Steps to achieve this are:

A. Mapping key:

  • Goals
  • Processes (primary and secondary processes)
  • Projects
  • Laws (Compliance)

B. Linking controllers to the above topics. These responsible parties are also directly responsible for the risks per goal / process / project / law.

2) Using an example (to demonstrate) to ensure that primary care gains more knowledge and experience in risk management and then to work out one risk and give feedback on it (do it yourself)

  • Owners ask about the main risk to their goal/process/project/law, also naming the causes and consequences.
  • Ask owners to estimate probability and consequence (financial and impact on goal/process/project/law).
  • Owners ask about possible control measures on causes/effects and their effect.
  • Owners ask about the cost of the proposed control measures.
  • Owners are asked to make a cost/effectiveness assessment of measures.

3) Assessing the risk identified in point 2 and providing individual feedback

Extensive feedback so that the first line learns to be able to 'manage' risks better in the future.

4) Complete the risk profile

First line completes the list of strategic and tactical risks for itself, following the example of the most important risk and feedback.

5) Integrate risk information into existing management reports

From separate risk reports to integrated reports. Identify the most important risks in the goals, processes, projects, etc. and what is being done to manage these risks. In this way, goals, activities and risks are represented in their mutual coherence in accordance with the pyramid above, instead of as separate 'floating' elements.

6) Record incidents and costs that have occurred (what are the risks)

Monitor which risks actually occur and their consequences. Based on this information, consider making adjustments. After all, a donkey doesn't stumble twice on the same stone! By going through this roadmap, first-line managers will become more aware that actively managing risks helps them to be more successful in achieving their goals or results. From the awareness and knowledge gained, they are more likely to want to use it on their own accord. A necessary step for successful implementation of risk management.

Getting your Governance, Risk and Compliance in order? FullyInControl automates your processes, gives you insight and helps you make the right choices. Check out our GRC solution to learn more. Go to the page using this link.

With these six steps, you demonstrate the added value of risk management (1)


The danger of an (unbalanced) dashboard

With these six steps, you demonstrate the added value of risk management (2024)
Top Articles
Latest Posts
Article information

Author: Rev. Leonie Wyman

Last Updated:

Views: 5560

Rating: 4.9 / 5 (79 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Rev. Leonie Wyman

Birthday: 1993-07-01

Address: Suite 763 6272 Lang Bypass, New Xochitlport, VT 72704-3308

Phone: +22014484519944

Job: Banking Officer

Hobby: Sailing, Gaming, Basketball, Calligraphy, Mycology, Astronomy, Juggling

Introduction: My name is Rev. Leonie Wyman, I am a colorful, tasty, splendid, fair, witty, gorgeous, splendid person who loves writing and wants to share my knowledge and understanding with you.