Risk Culture – “Do As I Say, Not As I Do?”
Language is defined as a system of communication used by people in a particular country or type of work consisting of sounds, words, and grammar.
The key word in this definition is “communication”. For communication to be effective the intended message must be successfully delivered, received and understood. In an organisation (government ministry, department and agency) it enables the employees to deepen their connection with others and improve team work, decision-making, and problem solving capacity. Organisations in Nigeria are made up of employees from different native languages, backgrounds and education levels.
Since risk management is fundamental to business success and long term sustainability, it implies that the understanding of this management science through a common language and meaning is critical for its successful embedding and implementation.
Effective risk management is not just about having good policies, procedures, risk registers and processes, it needs to involve everyone in the organisation, from the Board Chairman, CEO (Minister, Perm Sec.) down to the clerical officer. For that to happen, there needs to be a common language that enables everyone to talk about risk, and to be able to understand each other.
Risk management provides us with the discipline and the language to take a step back every now and then and project our thoughts forward, through mutual discussion and conversations, and to discuss the longer term effect of whatever it is that we are doing in the organisation.
Therefore the language and vocabulary have to be common and pervasive. They have to be conveyed into every part of the organisation and to become a part of the common language for the business at every level. This means that it has to be kept simple, straightforward and understandable.
This common language is crucial to establishing a long lasting risk management process that encapsulates and provides structure to all the risk management processes. The risk management policies, frameworks and operating model are normally how this is articulated, but are made real by the consistent use and sharing of the common language throughout the organisation.
The establishment and articulation of the overall direction for integrated enterprise risk management, including vision, objectives, supports this common language. This also ensures the successful integration of the risk management function into the organisation. It also ensures all are speaking the same risk management language and totally understand each other.
Here is an A to Z of do’s and don’ts regarding effectively employing risk language and vocabulary; A – Absolutely no acronyms – there’s nothing more effective at putting people off risk management than a series of letters that no one understands. B – The benefits of sharing a common language for risk management are vast and must be stressed. C – Consistent communication is the bedfellow of successful risk management. D – Define clearly what you are talking about and provide easy to access definitions of the more complex aspects of risk management E – Energy is required to make communicating risk management successful F – Finishing the causal loop in your mind will help to predict what the outcome might be G – Good Governance keeps the discipline of the common language in place. H – Making the risk management language part of the organisational habit is important. I – Incentives are important to ensure that the use of the language is shared and consistent. J – Joining the risk management language up with the language of the organisation is critical to ensure that there are no inconsistencies. K – Key terms should be emphasised persistently and consistently. L – Listening and Learning how the language is used throughout the organisation will help to recognise that the language is being used consistently and is understood. M – Myths are common if the language is not consistently used. O – Ownership of the language rests with the whole enterprise. It is a mistake to assume that the risk management practitioners keep the language to themselves. P – Practice the language and vocabulary at every opportunity. Q – Qualitative and Quantitative language and vocabulary should be developed. R – Reports should use the language and vocabulary. S – Specific terms might need to be explained in a glossary which is easily accessible. T – The language of threats should be identified separately from the language of opportunity. U – Uncertainty is the central theme of risk management and the language and vocabulary should reflect this. V – Value through the use of the language and vocabulary should be measured through the outputs of the risk management processes. W – Whistle blowing should be widely encouraged as part of the governance process and the language of risk management should speak to this. In order to implement a consistent approach to the use of the language and vocabulary of risk management, we must consider make a statement that clearly sets out the objectives for integrating the risk management language into the wider use of language in the organisation. This statement must at the outset set out what is meant by risk, risk management, opportunity, threat, risk analysis, risk evaluation, risk control, risk action.
Once everyone in the organisation is using a consistent language for risk management, from the CEO to the most junior officer, then there can be an open and frank exchange about the opportunities and threats that bear upon the achievement of the organisation’s goals.
It is only with that common language that the organisation can predict and respond to opportunities and threats as they present themselves in the day to day activities.
Imagine being driven in a fast car by a driver who doesn’t understand what you mean when you say “slow down” – it will be tantamount to an accident waiting to happen!