What Gets Attention in Risk Management, Gets Funding

March 15, 2018

Do you know the expression “What gets measured, gets managed”? The quote is from business management expert Peter Drucker, although some people attribute the principle to William Thomson, 1st Baron Kelvin.

There’s another somewhat similar principle highlighted by many experts, such as Robert Cialdini, and it goes something like this: “What gets attention, gets importance”. According to this principle, people focus more of their time and thoughts on what is getting the most attention. When there’s a lot of “noise” about something, people will assume it’s important, even if it isn’t.

The principles outlined above apply directly to also, and you need to be aware of them to succeed in your risk mitigation efforts.

Why Does Risk Management Exist?

Risk management exists because of the effect of uncertainty on objectives. But there’s another, more practical, reason why risk management exists: financial resources are limited. If your organization had unlimited financial resources, it would be able to eliminate most risks that lead to negative consequences, rather than having to manage them. There would still be risks that could not be eliminated (e.g. risks associated to climate change, natural disasters, weather events, etc.), but almost all risks within your control could be eliminated if costs were not a factor.

The fact that financial resources are limited, and therefore risks must be evaluated to determine their priorities, means that must make sure their risks get visibility. This is not as obvious as it seems. The word “risk” has a negative connotation for many people, and it may be interpreted (wrongly) as something controversial. For some operational managers, admitting the presence of a risk in their area of responsibility is like admitting failure. This mindset is absolutely wrong, because highlighting a risk provides an opportunity to mitigate it, and improve the organization.

Don’t Be Afraid to Show Your Risks

Risk owners should not give visibility to their risks just for the sake of visibility and transparency. They should do it to make sure that the company allocates the resources required to mitigate the risks. It costs money to either remove causes of risks or implement control measures, and risks that get attention are more likely to get the funding to address them.

For example, imagine if a type of industrial equipment in eight facilities is too old and creating a risk of worker injury. A new replacement equipment costs $50,000 each, meaning it would cost a total of $400,000 to eliminate the source of the risk. No executive will allow such an amount to be spent without a very good reason, especially when there are other risks. But by channeling attention and focus on the direct consequences of the risk (injuries to workers) and the indirect ones (operational disruptions, worker compensation costs, loss of reputation), the EHS manager improves the likelihood of getting the $400,000 required to mitigate the risk, especially when there is “competition” between all risk owners for the limited financial resources.

What gets measured, gets managed. Also, what gets attention, gets importance. Be sure to measure the consequences of the risks that you own, and to bring attention to your risks, so you increase the odds of getting the funding required to address them.

Webinar GRC Operational Excellence