The evolution of people-centred risk management
Until the Global Financial Crisis (GFC), risk management was often focused on building frameworks through policies, procedures, and governance arrangements. Culture was important, but the focus tended to be on documentation and process.
Following the GFC, a profound shift in thinking took place. Culture was recognised as a key driver of comprehensive and successful risk management and without the 'right' culture, organisations were more likely to mismanage their risks. Since then the thinking on risk management culture has further evolved.
What is people-centred risk management?
People-centred risk management is part of this evolution. It takes a different approach to risk management – with the primary focus being the individuals who make decisions in an organisation.
Of course, it starts with the organisation's strategy and objectives and how risk management can help achieve those objectives, but it then puts individuals, instead of process, at the centre of the design and implementation of effective risk management.
At the heart of people-centred risk management is the notion that all aspects of the risk management framework must be designed with the ultimate users in mind – staff, managers, executives and others. The systems and tools which risk management provides, as well as ongoing guidance and support, must be user-friendly and engaging.
The benefits of investing in a good framework and fostering the right culture may not be realised if the tools are difficult to use. Also, as far as possible the benefits of good risk management, in the form of better decision making, should be accessible and transparent for the people involved.
What are the advantages of people-centred risk management?
Daniel Frank, Director at PFS Consulting and leader of the firm's Governance, Risk and Compliance team, notes how important the GFC was for this change in attitude. "The GFC forced organisations to think about culture. They realised that risk arises from the sum of all people's actions within the organisation, and that good risk management must start with the individual components."
"If you're designing a risk management framework with the users in mind, you will focus on driving behaviour which will in turn drive your risk culture." Therefore, the framework must be designed with the people in mind. Only when the implications for the users have been thought through should boards and CROs start publishing risk management materials and promoting tools and strategies.
"Here at PFS Consulting, we've been working with a large APRA-regulated organisation to improve their risk management. Before they came to us they had highly technical risk management processes, but there was limited engagement. PFS Consulting has helped them take a step back and look at the bigger picture. We helped them work out what exactly they were trying to achieve and how people can engage with risk management to help them in their work. We are still waiting to see the full results but so far it has been very positive."
People-centred risk management takes a bit more effort (although it isn't necessarily very costly), because it involves taking a step back at the outset to think about the implications for all those involved.
Risk management is changing
Risk management is now rightfully at the core of organisations' priorities. This prominence is encouraging although there is still a way to go – something which the 2018 Royal Commission clearly demonstrates.
However, to get more value from your risk management framework, you should always put people first.
For more information on how PFS Consulting's risk management services can add value at your organisation, contact us today.