Most well-managed organisations have long had elaborate and seemingly comprehensive risk management policies. However, numerous surveys have shown that relatively few employees know what is in them, and fewer still understand either their significance or the associated procedures.

 

This implied emphasis on form over substance is just one of several critical weaknesses embedded in many risk management policies. Others include -

 

1. Risk identification

 

For most organisations, the single greatest risk is the way in which risks are identified and prioritised. Risk management models are only as good as the information which is fed into them.

 

Risk management is primarily about perceptions. The latter are substantially informed by past experiences and personal and organisational values. If senior managers all have broadly similar ambitions and values, as they usually do, they may also have common ‘blind spots’.

 

Such blind spots are reinforced by the conformist thinking of career-minded scenario planners and ‘thought leaders’. The more respected the forecaster, the greater the pressures not to stray too far from consensus views and assumptions.

         

2. Local conditions

 

Procedures intended to mitigate risk are often uniformly applied across the organisation, with minimal adjustment for local conditions.

 

The tendency to disregard or misjudge local factors is reinforced by the media’s readiness to attribute developments in Africa to the first easy explanation that springs to mind.

 

Such ‘soundbite analyses’ reinforce prejudice and misperceptions. They also obscure the true causes of events and thus the risks which they may pose.

 

3. Stakeholder consultation

 

The importance of stakeholder consultation is widely recognized. However, the motivation, skill and objectivity with which it is conducted varies considerably.

 

More often than not, the wrong questions are asked of the wrong people by the wrong people in the wrong way and at the wrong time. The resulting feedback can be wholly misleading.

 

4. Risk transfer

 

Many organisations compulsively try to shift as much risk as possible to others, regardless of whether the other parties are able to manage the risk or to bear the consequences should it materialise.

 

When they eventually collapse under the strain, as sometimes happens, the consequences for the original risk-shifting party are often far more severe than would otherwise have been the case.

 

5. Contractual risks

 

Most organisations include dispute resolution clauses in all contracts, yet their importance is often under-estimated. Negotiators trying to close a deal may avoid dwelling on the possibility that their principals could soon be in dispute.

 

Careless drafting of the dispute clause can give rise to extended and costly legal wrangling as regards sequence, jurisdiction, limitation, confidentiality and other potential procedural issues.