Does your organisation promote (pitch) its culture as a point of difference to the market, prospective employees and current employees? The intent may be to portray a favourable image, by promoting values like trust, empowerment, and inclusiveness. Perhaps there are banners and other marketing that shares your organisation’s values and purpose.
Employees tend to be drawn to organisations where they believe there is an alignment in values and a sense they are heard and can contribute to the business. It gives employees a deeper reason to show up every day and take pride in their work. These employees are ‘engaged’ and that is important in risk management.
People naturally become aware of threats to the things that are important to them, often instinctively. Their desire to protect what is important can also apply to your organisation. Engaged employees often want to protect the well-being of their organisation and colleagues.
Your organisation may truly believe in its values and its people. But is what you are communicating in conflict with what you are practicing?
Your risk management strategy influences how your organisation operates, as you need to comply with market, legal and regulatory requirements and expectations. The thing about planning for risk is that it can make us fixate on potential threats. To protect what we value most, we can become so worried about the things that might happen that we introduce systems of protection, that are themselves sources of risk. The introduction of processes to reduce risk or human errors, can create overhead, as well as frustrate employees and even create a culture of suspicion and mistrust. At times this can been seen to cause more harm than the original threats we hoped to protect ourselves against and can conflict with the values you promote.
Your organisation’s risk management approach affects your employees, as they touch every aspect of your business. This can include daily operations, engaging with customers, utilising technology, creating and adhering to your processes and policies, and making decisions and taking action (or inaction) that affects your business daily.
Your risk management approach must support your employee’s ability to perform their functions. If your measures impede employees, they can become frustrated, and even become creative to find work arounds to complete their work, leaving your business exposed.
It is senior executives that are accountable for the organisation’s risk management plan. Though it moves from the original handful of decision makers into the business where the real responsibility, the execution and day-to-day management of risk, is by your people.
Time for a rethink
Even with our best intentions to reduce the effects of certain types of risks, we can find ourselves creating and exposing the organisation to other types of risks.
Considering the importance of your people in your business, including the execution of your risk management plan, ‘disengagement’ is a serious risk to be aware of. Many executives associate disengagement with productivity and don’t consider the risk exposure. When employees are disengaged, they are at best satisfied with the bare minimum level of productivity and focus. Which is why statistic shared from Gallup’s recent State of the Global Workplace Report, that 80% of workers are not engaged or are actively disengaged, is incredibly concerning.
When it comes to disengaged employees in the context of risk, there are three concerns:
- Lack of attention leads to errors and ‘unintentional’ insider threats, which is the most common type making up two-thirds of incidents.
- A lack of situational awareness, they don’t even see there is a risk.
- A low ‘care factor’, if they do identify a threat or vulnerability, they see it as someone else’s problem.
This is why disengagement is so important and why you need to take a person-centric approach to reduce your organisational risk profile. Often disengagement comes from a lack of connection to the business, its purpose, a lack of trust with leadership, or not feeling valued and heard.
So, do you really trust your people? Are your communications and actions helping or hindering the development of trust?
It is only by focusing on risk with and through your people, that you are going to truly solve your organisational risk exposure, discover opportunity and drive transformational change.