Your eyes meet across the large desk. On the desk is the business plan for your unit, for the coming year. You have put a lot of time into this plan, though not enough time for you to feel comfortable about what happens next.
Continuing to look you in the eye, the boss asks:
Have you assessed the risks to achieving this plan? Why should I believe in it?
You look your boss right back in the eye, suppressing any tendency to look too pleased with yourself. You reply:
Yes, we have been through a risk assessment and management process, based on the International Standard and in line with the Commonwealth Risk Management Policy. Here are the results.
You then point to a modest but tidy stack of documents, and refrain from handing them over, as the boss won’t appreciate the implied request to actually read them on the spot. You then add:
Paperwork aside, it was a very good thing to do. As a result of that assessment, we can be fairly confident of reaching an acceptable outcome for the year and keeping the organisation out of trouble – subject to a couple of issues that we discovered as genuine threats. We should discuss those issues now. Resolving those issues could lead to a new edition of the Business Plan, if changes are still possible.
The conversation then moves to any actual risks and reservations identified through the risk management process.
After that conversation is over, you feel the relief of passing some background worries back up the line, though you also have some new commitments. You weigh up the cost of reaching this point of relative comfort. In the background, you secretly wonder if this moment might represent a quiet but permanent change in the way your unit is seen.
You decide that there was some work involved, but it was actually quite rewarding, and it was much shorter than some other ‘risk assessments’ into which you have been drawn and dragged. This one was easier because it just pulled together what you knew already. Its value wasn’t to make new discoveries. It didn’t try to do any mysterious magic through emotionally bonding workshops or through the imposition of hard numbers on soft stories. It just built an answer to the question the boss was always going to ask, internally if not out loud: Why should I believe in this business plan? It answered the question in a useful way. Perhaps even a productive and interesting way.
If you want to be in that moment, read on.
In Clear Lines on Audit and Risk, we don’t comply with risk management rituals and rules. We achieve confidence by actually managing risk. And it’s you, the manager, who does it.
If you want to run it past your local risk expert first, this is the best link to send to that expert.
|Risk in work unit business planning: Starting from the business plan|