- Strategy & Partners
- News & Views
- My IIRSM
United against risk
Young leaders Steph Camm and Luke Blake from Unite Students talk to Insight about their flexible and creative approach to risk management
Housing 50,000 students across 22 UK cities presents a unique set of risks and challenges. As well as the traditional health and safety risks to staff, students and contractors, there are broader operational risks connected with security, cybersecurity and business continuity. “The safety of our students is of paramount importance to us,” explains Luke Blake, Head of Operational Risk and Resilience at the UK’s largest student accommodation provider Unite Students.
To create a more holistic approach to managing these diverse risks, the company is currently working to bring together the different areas under a single integrated operational risk management framework. “We want to make sure we’ve got an overarching framework,” says Luke, “at a company wide level. If everyone has a good understanding of all the types of risks that might affect us – whether health and safety, security, information security, or fire – we can better understand our risk profile and manage it more collaboratively and transparently.”
“Such an approach also sets us up well to deal with any future changes and to take advantage of future prospects in the business,” adds Stephanie Camm, the organisation’s Head of Health and Safety, who is leading the project alongside Luke. “If we’ve got an approach that covers different areas so we can all work together, it builds in some adaptive resilience for us as a team.”
Both Steph and Luke, who are members of IIRSM’s Emerging Risk Leaders’ Network, are committed to ensuring the framework they are developing is simple, collaborative and effective. “There is nothing complex about the concept; it’s not rocket science what we’re trying to do here,” stresses Luke. “But not all organisations do it; and in large organisations in particular, there tends to be certain historical reasons why the various risk management functions are kept separate.”
A successful framework needs to get the right people and teams talking to each other, and build clear lines of communication throughout the business. With this in mind, Unite is creating regional and national risk committees where representatives from estates management, health and safety, security, student services and student welfare talk to each other and analyse the risks they are facing. “Out of that, you usually find that the controls, and the types of incidents and reasons for them, tend to be fairly common,” notes Luke. “And that is where we start to create the links.”
There are ongoing barriers, of course. Teams that have been used to working in their own areas can be reluctant to open up or to ‘cede ground’. “It’s a work in progress,” acknowledges Steph. “We’re not there yet, but our plan over the next 12 months is to get to a point where we’re no longer working in silos. It can be a hard culture to change. It’s a big shift in thinking to start working collaboratively across the board.”
“Any framework you put together has to align with an organisation’s culture and how it works,” stresses Luke. “So it would be wrong of us to try to introduce something that was extremely formal – getting people to complete and review copious amounts of risk registers on a monthly basis, for example. So the approach we’ve taken is more flexible and creative, and a massive part of it is just good communication.”
Out of the silo
Steph and Luke have found their own experience of working together, alongside Unite’s Fire Risk Manager Alison Phillips, is helping set the tone for the wider organisation and encourage integration. “Between us, we’re already showing the benefit of working together, and are bringing other teams that manage an element of risk in with us,” explains Steph.
On the reactive side, instead of reviewing and investigating incidents in individual teams, Unite now has a representative from every area of risk feeding into each review. “We’ve found that joined-up investigations usually throw up common points for improvement, and that then facilitates changes in policy and procedures on a broader scale,” Luke explains. “So whether it might be a large building flood or a major fire we’re dealing with, those group reviews produce concrete and organisation-wide results.”
After a serious flood in a property last year, there was a large scale collaborative review. “On the back of that, we’ve rewritten our business continuity management system and integrated that across the company,” says Luke. “And we’ve done that collectively by working with various departments – from the operational teams to estates management to health and safety and cybersecurity.
A joint approach is also more resource efficient. “Previously, each department would have worked separately in its own area,” explains Steph. “Our health and safety team, for example, would have investigated from a safety perspective, looking at specific risks to employees and students, such as the occupational health risk from exposure to water and sewage. We would have used up additional time and resources, and then not had a joined-up approach to implementing the outcomes of each separate investigation.”
Battling for buy-in
The impetus for integration has mainly come from key risk managers within the business, including Steph, Luke and Alison, and their counterparts in the information security and estates teams. “There is a consistent drive from all of us for the joined up-approach,” says Luke. “But there’s also appetite from our Board, which is always open to new ways of working and continually improving the way we deliver things. Without buy-in from the Board, you won’t get things done.”
Steph and Luke see buy-in from different people in different roles across the organisation as key to success. “For me, the biggest thing is trying to make it mean something to the person on the reception desk or the cleaners or security guards working at our different sites,” says Luke. “So we try not to get bogged down in the detail too much at the wrong level. We need to really think about what risk management means to that person who is directly going to deal with the welfare of students. That’s our biggest challenge.”
Another challenge comes from within the risk professions themselves. Steph puts this down to a historical lack of education and understanding about the different areas of risk. During her own training in environmental health and health and safety, risk management was covered only narrowly in terms of risk assessment. “At no point did we ever talk about the benefits of a joined-up approach business-wide,” she says. “So I think in terms of education and training, there could still be improvements. We’ve proactively joined IIRSM for that reason, and we see the benefits [of an integrated approach] through going to seminars and hearing other big corporations talking about it. But in terms of educating a wider audience within health and safety or other risk areas, I think there is still some way to go.”
A manager of risk
One way of breaking down the silo-mentality may be to shift to having generic “managers of risk”. “We still have a team of health and safety managers at the moment, but we’re thinking of moving towards having risk managers within the next few years,” says Steph. “That would help the business to understand it’s not just health and safety risks we’re overseeing, and might change some people’s perception of how we all manage risk.”
She acknowledges this may be a step too far for some. “It’s going to take a big mindset shift,” she says, “especially for the health and safety team who have trained as health and safety managers. But alongside our new risk management framework, it would be a logical next step.”
Some managers may be reluctant to take on this mantle because they fear they may be taking on responsibilities outside their core competencies. “When you ask someone who’s been in a certain field for a number of years to start looking at something differently, they may come back and say they don’t feel confident,” admits Luke. “And that’s completely understandable; but all you really need to do is educate people in the technical side and then make them understand that the process of managing risk, whether in health and safety or information security, is pretty much the same.”
Regional health and safety managers at Unite Students are already taking a keen lead role in security at city level. “If someone has worked in health and safety for 20 years, they’re likely to make a good risk manager for information security or operational security because they know the process,” says Luke. “They already know how to identify and analyse risk, and that’s what it comes down to.”
There’s also a professional development benefit to be had. “If you’re a risk manager and have a broader understanding of the different types of risk, you are essentially far more employable and more flexible in the roles you might go into in future,” suggests Steph.
Take off the blinkers
Luke’s main piece of advice for other professionals interested in developing a more integrated approach within their organisations is to keep things simple. “Don’t try to create complex frameworks that don’t get buy-in from the very people you need to get buy-in from,” he says. “So ask yourself why you are doing it. If you’re ultimately doing it to benefit the people who are working operationally in the business then it needs to be of value to them and then it’s all about making it work to get that value.”
For her part, Steph advises looking at, and learning from, best practice in organisations that are already further down this route. For example, she has spent some time with Landsec looking at how it does things, and both she and Luke have previously worked in organisations that have chosen a joined-up approach. “Above all,” she says, “don’t be blinkered in your view of how risk, or any element of it, should be managed.”
Unite Students is a corporate member of IIRSM, and Steph and Luke are individual members, as well as being involved in the Emerging Risk Leaders’ Network, which aims to help future business leaders develop and showcase their talents with peers from different sectors and the wider business community.
“I’m a member of several different organisations,” says Luke. “But the real benefit of IIRSM is the broader scope that it looks at. It’s not focused on one element of risk.”
For both him and Steph, this is a key attraction. “There is a drive within IIRSM and its members to open things up a bit, look at different areas of risk and bring them together,” he adds. “So it is exactly in line with our way of thinking and what we’re trying to do here. For us, that is massively beneficial.”
The IIRSM seminars and the additional support provided as part of the membership are also big pluses. “These are part of the package, rather than coming with additional costs,” says Luke, “which is a huge benefit.”
“It’s not just a membership where we just get an email and magazine every so often,” stresses Steph. “For me, IIRSM also provides an opportunity for personal development.” She has attended and spoken at a range of seminars and is committed to the emerging leaders’ network.
“We do also get the email and the magazine, and there’s always something in there that’s relevant to what we do, and something I can forward on to the wider business that’s relevant, too. But IIRSM is offering wider benefits to its members, which is what we really like. It’s a great networking opportunity.”
Home for success
Founded in 1991, Unite Students was the UK’s first private provider of purpose-built student accommodation. Its initial property was in Bristol and it now operates circa 130 sites in 22 cities from Aberdeen to Exeter. Over the years, the company estimates that it has provided rooms for more than 600,000 students.
Working under the banner “Home for Success”, around 1,400 employees are committed to helping students build a strong foundation for academic and personal success by providing high quality accommodation that is safe and close to university campuses, transport links and local amenities. Students live in en-suite and studio bedrooms with rents covering all bills, insurance, 24-hour security and high speed Wi-Fi.