- Learn and Network
- IIRSM Emerging Risk Leaders' Network
- IIRSM/NEBOSH Risk qualification
- Past Awards
- Training approval
- Qualification Accreditation
- UK Branches
- International branches
- Risk management and leadership competence framework
- Mentoring Scheme
- IIRSM Award Winners 2021
- IIRSM Young Leaders Essay Competition 2021
- 2022 IIRSM Risk Excellence Awards
- Info Hub
- Strategy & Partners
- News & Views
- Get involved
- My IIRSM
The new world order of risk
Date of Issue: Monday, 13 August, 2018
The world has changed dramatically in the past 20 years, and most of all, the scale of change itself. We now live in a world where the biggest risk faced by organisations is the speed at which they can be destroyed (Aon's Global Risk Management Survey, 2017). Reputation is everything, and together with the growing threat of cyber attack or data loss, the very nature of risk management has had to change in order to adapt to this new and fast paced world. Furthermore, the Aon survey also cites 'disruptive technologies' such as robotics. The world of Star Trek is here today (well, almost).
So is this hype or reality? In the power utilities sector for instance, the risk of distributed energy resources such as local generation using wind power and storage through home smart battery technology is changing the economics and nature of the industry itself. Coupled with increasing demand for power from electric vehicle usage, and changing customer attitudes towards service, the risks facing the industry are changing rapidly.
In this context, three things matter more than anything else. Firstly, understanding organisational internal and external context - the world in which it exists - and its vision and objectives. Secondly, having a purpose beyond mere profit, as well as values and a culture that embed that purpose within the organisation's DNA. And thirdly, embracing and managing change. According to EU-OSHA, all types of business will be confronted with change, mainly to stay in business. Only those that are successful will survive.
A truly global standard
The old 20th century view of business being a controllable machine is no longer appropriate: instead, today's organisations are more akin to biological systems, adapting as huge cultural, economic and technological demands constantly change and reshape our world.
So where does occupational safety and health (OSH) fit within this context? The causes of ill health and injury at work are changing, with newly evolving risks such as mental stress and occupational cancers increasingly prominent, together with as yet unrecognised risks, and combinations of risks, from new technologies. In such an environment, traditional 'box ticking' compliance attitudes to OSH are too slow to evolve to meet tomorrow's new risks.
ISO 45001:2018, released earlier this year, recognises this through promoting a risk-based approach to OSH, one that recognises organisational 'context' as described above. In practice, this means organisations proportionately managing OSH according to the nature, frequency and severity of the risks faced, and the objectives and key processes of the organisation. Indeed the UK's Health and Safety Executive has announced it will develop a guide for proportionate application of ISO 45001 over the coming year. Proportionality matters.
The new standard focuses on leadership too, meaning business leaders will have to live and breathe it, creating cultures where risk (and safety) competence is embedded throughout the organisation, and in ways that ensure true worker participation.
The UK Financial Reporting Council (FRC) will shortly release its 2018 UK Corporate Governance Code, and that too will require listed companies to have worker representation at board level. Thus we can see that the same social trends are changing approaches to risk in industry in the boardroom as well as the shop floor.
Faced with this new world, business leaders are having to look holistically at risk across the enterprise - no longer does it work to think of OSH, insurable risk, data, quality, financial risks, governance and business continuity as separate unconnected disciplines. Indeed these and 'opportunity risk' are all interconnected, as indeed the 'man or woman in the street' would tell us. ISO 31000:2018, the global standard for risk management, and BS 65000 the UK standard for organisational resilience, support this approach.
What should organisations do in practice?
Firstly, adopt a common language for risk across all parts of the organisation, and one which chimes with business leaders. Being technically expert, but unable to communicate in a relevant way, is often a barrier to acceptance for risk professionals. According to Deloitte (Global Risk Management Survey, 2017), 86% of company boards are devoting more time to the oversight of risk management than they did two years ago. OSH professionals must be engaged with this or lose relevance. 'Risk management must be a culture, not a cult' notes Tom Wilson, Chief Risk Officer, Allianz.
Secondly, be brave and learn how to learn. In today's world of social media and fake news, being able to distinguish between hype, lies and facts is everything. We're all being asked to believe that all points of view are relevant, but as scientists are taught, that doesn't mean all views are correct. Brave, because sometimes the established view isn't necessarily the right one: we can learn from NASA (Columbia and Challenger) and the nuclear industry (Chernobyl and Fukushima) for instance. Indeed, more recently, the Grenfell Tower Inquiry preliminary expert reports included the recommendation that a culture shift in fire protection of high risk residential properties was needed, something that could or should have been learned already from earlier residential block fires or indeed the Piper Alpha disaster, which happened 30 years ago this month.
Thirdly, 'thinking the unthinkable'. As journalist and author Nik Gowing told delegates at this year's IIRSM conference (www.iirsm.org/iirsm-conference-2018), being flexible and prepared for changes that happen at 'social media speed' will differentiate tomorrow's survivors and winners from names that will become history.
Ignoring the elephant in the room may have enabled yesterday's leaders to avoid career limiting moves, but in today's world it's more likely to lead to a Carillion, an Oxfam or a #metoo revolution. All the evidence suggests that millennials won't want to work for you either. Ignore this advice and at best, you'll be engulfed in a social media storm - at worst, you'll lose your business.
Life today has sometimes been likened to a lobster being gradually boiled alive: we might not see the change around us, but we will certainly feel it, and that means all of us.