Originally coined by the U.S. Army War College in the early ‘90s, the acronym VUCA, short for volatile, uncertain, complex, and ambiguous, has become a popular term for describing today’s business environment.
I agree this oft-repeated mantra could almost be considered cliché, but that doesn’t make it any less true. To make the best decisions possible in pursuit of strategic goals, executives need timely and accurate information.
This reality is one of if not the main reason why a thorough and efficient risk assessment process is so important.
To quickly recap from another article exploring the basics of risk assessment, this step can be defined as:
…a carefully constructed, constantly evolving, and regularly executed process within the organization that examines risks, both positive and negative, and prioritizes them using a combination of qualitative and quantitative methods to understand the influence a risk will have on the organization.”
To elaborate, “influence” can include how risks connect with the strategic plan, organizational mission, or specific operation(s). Also, “regularly executed” means more frequently than annually because the business and its operating environment changes more often than once a year. Hence, VUCA.
Without this all-important step, there will be no way to know where the company should focus resources, leading to an array of consequences like missed goals, lost revenue, and even displacement or failure in more extreme but a growing number of cases. As an example, just in the last few months, multiple companies in the Florida property insurance market have gone insolvent, while others have suffered credit rating downgrades.
I briefly mention in the risk assessment article different methods for gathering information after identifying the risks, with the two most popular being surveys and one-on-one interviews.
Each of the approaches have their merits depending on the circumstances, but in my experience, one-on-one conversations tend to yield richer information on risks and the company’s strategy.
But there’s a catch beyond ensuring the person is comfortable speaking with you, and that is…
How risk assessment questions are asked affects the quality of insights decision-makers ultimately receive.
This point has just as much to do with the human dimension of risk management that can mean the difference between success and failure. As a risk professional, you’re certainly going to have thoughts on the company’s direction.
However, this is not your risk assessment; it’s the company’s, so you have to be mindful of your biases and prevent any leanings or preferences from influencing the information you obtain from business areas across the enterprise.
This coupled with the reality of today’s turbulent world is why you want to avoid pointing things out and leading people on.
Therefore, to obtain unvarnished information on the business’ perspective, you want to avoid leading people down the path you think they should go or even give the impression you already know the answers.
Instead of asking point-blank if they have problems in a certain area, phrase your questions in a way that don’t point to a specific trouble spot.
Get them to tell you their perceptions of issues facing the company and their impact on its strategic goals and success.
For example, in a one-on-one session, I may start out with the following three risk assessment questions to get a lay of the land:
- Does the company have a strategic plan?
- What are the company’s three biggest priorities right now?
- How are these priorities going right now?
These open-ended questions can help you identify trends, which can then be used to understand root causes of what could help or hinder the company from achieving its goals.
In my example, I’m looking at the consistency in answers. If 3 people give wildly different answers to what the company’s priorities are, this could indicate communication problems.
Now if these three people were asked directly about communication challenges, they would be led down that specific path. They will likely say something to the effect of “now that you mention it” OR they will say they do not know any problems (since, for all they know, they’re operating from the same place as everyone else). Leading them on and assuming you know the risks and issues facing them is pushing your opinion on them, which isn’t helpful.
Of course, it’s important to remember these open-ended risk assessment questions are not all about pinpointing weaknesses, but strengths as well. It’s helpful to understand a company’s strengths, as they can offset weaknesses until those weaknesses can be improved or otherwise resolved.
I also want to point out that it is possible (and highly recommended) to not use the word risk in your information gathering stage. “Risk” as a word and subject can evoke some pretty strong reactions in some cases. The only time I use this word myself during a one-on-one interview is when asking about perceptions of the company’s ERM practices, with the specific purpose of listening to the person’s understanding of risk management practices, which can vary.
This one-on-one method using open-ended risk assessment questions certainly takes more time, but the potential for robust insights is so much greater. While it’s strongly recommended that you speak with at least a few people one-on-one, I realize surveys are much more practical for soliciting input from a larger group. Borrowing a page the ASK Method marketing system, surveys can be used for the larger group, but from that, you can peel off individuals to speak with one-on-one.
The big drawback of most surveys is that they typically rely on numerical scores, which on their own, don’t tell you much of anything. Therefore, if you have to use surveys, try to mix it up a little by including different answer options, such as a scale (not the typical risk scoring scale), yes/no, or a multiple choice with an “other” option where participants can expand their thoughts.
Taking special care with how you ask risk assessment questions can mean the difference between obtaining the insights decision-makers need to navigate today’s turbulent waters or gathering fluff that is ultimately of little value.
How do you structure risk assessment questions and approach one-on-one discussions with business units at your company?
Insights from other readers is extremely helpful in ensuring ERM and related processes are the best they can be. To share your thoughts, please don’t hesitate to leave a comment below or join the conversation on LinkedIn.
If for any reason you need to share your insights privately, please send your remarks to firstname.lastname@example.org
And if your company is struggling with risk assessment questions or other aspects of understanding threats and opportunities to achieving strategic objectives, please don’t hesitate to email me or click this link to view my calendar and schedule a meeting to discuss your specific challenges and potential solutions.