Do you remember ever trying to touch a hot stove as a child and your mom or dad swatting away your hand? The initial slap was startling, but you eventually grew up to realize that your parents were just warning you about the threat and protecting you from harm.
Even when it is not painful, a smoke detector or alarm of some kind for risks can always help contain those risks and avoid the lion’s mouth altogether. Christopher Dorobek of the DorobekINSIDER program talked with Todd Grams, Director at Deloitte’s Federal Consulting Practice, about how to better identify and manage risk.
Grams believes many agencies can overcome their aversion to risk by installing three fundamental tools for managing risk:
- A common definition of risk.
- A framework to manage risk at an enterprise-wide level.
- Risk-related data that is often untapped.
Grams also stressed that federal leaders must make accepting or mitigating risk an integral part of their organization’s strategic decision-making process, in addition to simply being aware that the risks exist. He discussed the critical need for federal agencies to adopt program frameworks that not only identify and respond to risks but also inform budget and strategies, protect agency reputation, drive agency performance through appropriate risk taking, and reduce surprises to senior leaders.
Here are some of Grams’ key interview points:
- Why Managing Risk Matters: “Risk management done well can prevent bad things from happening,” said Grams. “And those could be bad things that happen to your operations, to your financial posture, or to your organization’s reputation.”
- He continued by explaining that organizations can drive performance by managing risk and increase their chances that they will get good outcomes. Organizations create value by taking risks, and they can lose value by failing to manage them.
- Defining Risk: Risk management requires consistency in definitions, language and terminology. By using similar terminology, risks will be easier to identify and approach. These definitions become a framework for risk management that enables agencies to make critical decisions regarding leveraging a risk, mitigating a risk, or accepting it.
- With Innovation Comes Risk Management: Grams argued that without good risk management, innovation could not occur. Agencies must be willing to invest the time and resources to mitigate small risks to prevent them from developing into an actual threat to the missions, objectives, and goals of these organizations.
- Not Enough Risk Management Is Occurring: Some agencies are currently doing a great job with risk management efforts, such as NASA and others who have to deal with risk daily. Across government as a whole, however, Grams said there was not enough risk management. “Is there enough of it? I would say absolutely not,” he said. “There are a handful of agencies [that] are ahead of the curve, [that] have risk management programs in place. There are others that are thinking about it right now, and I think there are others who are less concerned.”
- Risk Management Drives Performance: If an agency is not fully aware of its risks, then it will not be able to successfully manage these risks.
- Tackling Risk Bit By Bit: Handling risks with multiple dimensions may require multiple steps. Grams suggests using an “80/20” rule, in which an organization expends the 20 percent of its effort that will have an 80 percent impact in helping to reduce or mitigate the risk. Grams referred to this rule as a risk intelligent approach.
Featured Image Attribution: Paul Townsend