Risk can be an uncomfortable topic for many organizations, due to the associated responsibilities and significant (and costly) consequences. The COVID-19 pandemic has shown that many organizations were ill-prepared, and this lack of foresight affected their response.
According to Lisa Sisson (pictured above), author and founder of Australia-based risk consultancy Unearth, there was a “failure of imagination” to plan for such an event at a government and organizational level.
“Most people I have spoken with shared they knew the [pandemic’s] potential, though they never thought it would happen in their lifetime,” Sisson told Corporate Risk and Insurance. “But it did.”
The failure of imagination
According to Sisson, the failure of imagination for the COVID-19 pandemic was a failure to realize that it was not just a health crisis but actually a crisis of society.
“While the health impacts are shocking, consequences have stretched across all aspects of society including employment, education, transport, supply chains, construction, health infrastructure, manufacturing, hospitality, tourism and energy sectors,” she said.
Another failure of imagination was to take into account the changed world environment, Sisson said. Earlier pandemics, such as the 1918 influenza and 2003 SARS, happened in times before the affordable and accessible international travel, instant communications and complicated supply chains of today. These were also before the era of social media and “fake news” that led to science denial and vaccine hesitancy, she added.
“Failures of imagination meant that relief packages such as disaster relief payments for those quarantined, as well as job seekers and employers, were all developed on the run,” Sisson said. “Many state governments’ border closures and local lockdowns were enacted within ever-changing and inconsistent policy environments. Why? Because the need had not been imagined, planned out, nor tested. Future planning must go beyond the expected and the known and must focus on all the consequences, not just the immediately obvious impact.”
Focus on the people
Sisson said another mistake she has observed in many organizations is that they forget that their risk management plan should be centered on their people.
“After all, your people touch every your business and it is your people who are responsible for executing your risk management plan,” she said. “It’s your people that engage with customers, utilize technology, create your processes and policies, and make decisions and take action (or not) that affects your business daily. Some organizations say they understand their people, but when they talk risk management they often talk at their people and not talk with them. Understanding of role, responsibilities and expectations needs engagement, when your people are not engaged, they might see a potential threat and think it is someone else’s problem.”
When people are engaged, they are more likely to air their concerns when they sense something’s not quite right. These conversations, she added, can sound out areas of potential harm and are among the most effective ways to reduce organizational risk, if captured and responded to appropriately.
“If your risk management measures don’t support people or impedes their ability to perform their job function, they can become frustrated and even disengaged,” Sisson said. “Worse, they can find creative work arounds to complete their work but leaving your business exposed.”
Building a safe zone
To help an organization avoid having a failure of imagination or lose sight of its risk management goals, Sisson believes building a “safe zone” is critical.
“One of the fundamental steps in positively turning the dial on risk management is creating a safe zone, or an environment that allows people to feel safe to succeed without fear of failure, and without ramifications on the business,” she said. “It’s only when people feel safe to fail, that they also feel safe to succeed.”
One of the crucial components of the safe zone is forming connections with people and tapping into their desire to protect the organization. This, Sisson said, must be demonstrated from the top down, through all levels of the organization in order to foster honesty, debate and better decision making.
“Environments that encourage a culture of concealment, secrecy, cover-ups, blame-shifting and scapegoating not only create toxic environment in which to work, it also means you create blind spots of internal risk,” Sisson said. “Once you have removed the fear associated with failure, you begin to shift the culture in your organization. By investing in your people’s growth and well-being and supporting them to stretch themselves, people tend to reciprocate and feel connected to the organization and its success, often with a sense of pride, delivering a culture that understands and thrives on risk.”