Risk management as business best practice, and the regular use of risk identification in the workplace, are now well-embedded in organisations across all industries. However, identifying and then managing risk only works properly if the people doing the identification realise something is ‘risky’.
An unfortunately common phenomenon can occur when workers and their managers are used to seeing certain risks regularly repeated in their workplace. Everyone gets used to the risk, considers it a normal part of the workplace, and tends to forget to develop, implement or monitor the controls to manage it.
In addition to seeing the risk regularly and becoming used to it, if work tasks are repeatedly carried out without any resulting severe consequence, this experience further entrenches the perception that the risk is normal and not requiring to be managed.
This process is known as “risk normalisation”, and can result in incomplete and inadequate risk management programs which don’t fully protect the organisation or its workers.
Strategies for addressing this pitfall include:
- Ensure your organisation’s risk management methodology clearly articulates the importance of regular revision and update
- Ensure that it’s not always the same staff members undertaking the risk identification process on each revision
- Consider having staff from an entirely different section of the organisation participate in the risk identification process of other sections, so that a completely fresh set of ears and eyes is brought to bear that may detect unquestioned assumptions
- Include risk identification within the scope of internal or external audits to further utilise the ‘fresh set of eyes and ears’
- Occasionally engage a specialist risk management consultant to conduct the regular risk management program review and update, again bringing a fresh and objective perspective to the review of your organisation’s risks.
Please contact QRMC for more information.