#365 – COMMUNICATION AND CONSULTATION IN ISO 31K RISK MANAGEMENT – PETER HOLTMANN

This article is the ninth of fourteen parts to our risk management series. The series will be taking a look at the risk management guidelines under the ISO 31000 Standard to help you better understand them and how they relate to your own risk management activities. In doing so, we’ll be walking through the core aspects of the Standard and giving you practical guidance on how to implement it.

In previous articles we’ve looked at the core elements of the risk management framework, as well as the role of leadership and commitment, integration, design, implementation, evaluation and improvement more specifically. We’ve also briefly looked at the risk management process in a general sense. In this article, we’ll be starting to take a deep dive into that process by firstly looking at the role of communication and consultation.

Introduction

Leveraging good communication and consultation during the risk management process is imperative. This is because without proper and effective communication and consultation, your stakeholders – internal and external – may lack a proper understanding of how risk decisions are made and the nature of the reasons which inform those decisions. What these two factors of communication and consultation come down to is trust and transparency. Without them, your risk management activities may be considered secretive and out of reach from the members of your organisation, which compromises the need for promoting an awareness and understanding of risk and feedback from your organisation’s members to better inform those decisions in the form of feedback and information. We’ll dive into the nuances of these in this article.

Communication and consultation generally

Communication and consultation go hand in hand. For clarity, communication refers to promoting an awareness and understanding of risk. This promotion can take the form of written, visual or verbal communications in the channel, with an example being visual posters and written risk policies or email updates on risk. On the other hand, consultation focuses more so on getting feedback and information from stakeholders. This information is then to be used to support decision-making regarding risks. This can take the form of engaging an external consultant, creating risk management committees which are inclusive of people from different levels of your organisation, or even facilitating industry round tables events. In any event, the interaction between communication and consultation should be addressed in tandem, noting that you cannot have one be wholly effective without the other. To enable this close coordination, you need to facilitate an exchange of information which is factual, timely, relevant, accurate and understandable. To ensure that these factors are indeed being performed, it is crucial to have a mix of different stakeholders with different experiences and perspectives to act as ‘checks and balances’ of those factors.

Bringing together different areas of expertise

As we touched on in the previous paragraph, communication and consultation need to be performed with a mix of different stakeholders. Now, such stakeholders can be internal or external. What is most important here is that you have a mix of the two – one is not more or less important than the other. For internal stakeholders, you may choose to take advantage of members of your organisation from different hierarchical levels, which may range from your ground operations team through to your executive team. What this mix ultimately aims to do is leverage the different knowledge, experience and perspectives of diverse stakeholders for a more well-rounded and holistic approach towards the risk that is being addressed. The same can be said for external stakeholders.

Aligning different perceptions of risk with sufficient information 

Now, while the benefits of having a team with diverse risk expertise are extensive, one of the biggest issues which can arise is the misalignment of their views. To combat this, it is critical that the perspectives which are offered are done so in accordance with how you define your risk criteria, as well as how you evaluate risks against that criteria. This also speaks to the importance of having proper and accurately drafted risk assessment and evaluation criteria. Part of aligning these different perceptions is providing sufficient information to inform those perspectives. You may choose to take such information from (firstly) your risk assessment and/or evaluation criteria, internal organisational data and statistics, as well as external data and statistics from industry. Curating such information needs to be done in a mindful and conscious way which is relevant to the communication and consultation process being performed as effectively as possible.

Integrity, privacy and confidentiality

With respect to the different areas of expertise that may be leveraged in the risk management process, it is critical that you turn your mind to the integrity, privacy and confidentiality of the information which arises from those discussions and insights. For example, your choice of stakeholders to bring different areas of expertise to the table may not be of any use if their contributions lack truth or integrity. Again, the group approach of communication and consultation can be an effective way to identify and overcome such conflicts by offering a ‘checks and balances’ approach. You will also need to turn your mind to any privacy obligations you may have under your relevant jurisdiction. This is to ensure that you are not breaching the privacy rights of any individuals in their disclosure of information to you, and that the members who are involved in those discussions treat the information which arises from them as confidential until indicated otherwise. You should have a look into any relevant workplace policies you have around privacy and confidentiality to inform your approach to those, as well as any relevant legal duties or obligations imposed upon you or your organisation.

Providing adequate resources

The activities that we’ve discussed so far can’t be performed effectively without proper resourcing. You need to ensure that your management team selects the right people to inform your risk management activities and process, and that the proper resources are in place to support those people in doing so. This may take the form of altering one of those people’s workloads in order to give them the capacity to be effectively involved in risk management activities, such as committees.

Building a sense of inclusiveness and ownership regarding risk

Those people within your organisation who are affected by risk should have the benefit of feeling a sense of inclusiveness and ownership in addressing and overcoming that risk. What this ultimately aims to do is create a sense of empowerment and accountability for mitigating or eradicating that risk. The bonds which your team may make in achieving this can have the benefit of enhancing your workplace culture and attitudes to risk more holistically, of which can provide significant benefit for your risk management activities.

Conclusion

Overall, the role of communication and consultation in the risk management process cannot be understated. Without it, you threaten to exclude  a holistic and well informed response to your risk management activities, of which can have significant ramifications for your organisation’s risk performance. For this reason, communication and conclusion need not only be conducted in the most general sense, but it also needs to be done in a manner which allows for diverse knowledge, experience and perspectives to be considered which are not only offered with integrity, but also in a way which are conscious of privacy and confidentiality duties and obligations. Participants contributing to that diverse approach also need to be properly supported through adequate resource allocation, of which has the benefit of building a sense of inclusiveness and ownership towards organisational risk, ultimately positively contributing to your organisation’s risk management culture and process more generally.

If you have any stories – good or bad – about how you’ve utilised communication and consultation as part of the risk management process within your organisation, I would love to hear them.

If you’re looking to improve your risk management process and would like some guidance or a conversation to help you on your journey, please contact me. I’m more than happy to guide you.

About the author

Peter is the Founder and Director of Holtmann Professional Services, a global provider of executive coaching, business excellence consulting and career path development. Peter has 20 years of experience in executive roles and has been the President and CEO of a global non-profit. Peter has written for many journals and blogs, is a keynote speaker and is a champion of prosperity through excellence of leadership.

If you are interested in working with Peter, please reach out to enquiries@holtmann.com.au.

Leave a Reply

Your email address will not be published. Required fields are marked *