Questions for Gauging the Value of your Organization’s Risk & Performance Management

Although there can be an infinite number of reasons for an organization to evaluate its risk and performance management, two main reasons that apply across-the-board include:

  1. You need to understand where your organization stands in order to plan where it should go.
  2. Executives want to know if what’s in place or being done is adding value.

In reviewing this year’s State of Risk Oversight report from NC State, I came across an extensive list of questions aimed at helping organizations understand their current risk management capabilities.

But after taking a more in-depth look at the list and the report in general, the questions seemed to be entirely focused on risk, or “threats,” to the organization.

As you may know from some of my recent posts and commentary from experts, simply focusing on what can go wrong is not a recipe for success in today’s dynamic, fast-paced world. At a high level, enterprise risk management shouldn’t be about preventing failure but instead about ensuring success. Risk and performance management must look at the whole picture.

Because in the end, performance is what executives care about.

Risk lists have several drawbacks. They not only focus on what can go wrong, but they are also overwhelming and not useful for decision-making in many cases. Risk lists are also backwards looking and usually only tell executives what they already know.

Coincidentally, a recent post on Norman Marks’ blog got me to thinking a little more about decision-making and performance. He states that the core of effective risk management is how an organization makes decisions. Simply reviewing meeting minutes and other records though will not be helpful in understanding this.

Instead, Norman explains that risk practitioners should consider “…how the decision-makers know what risks the board and top management wants them to take.” Below is a screenshot of Norman’s sample questions.

Additional questions for gauging the value of your organization’s risk and performance management

The questions outlined in Norman’s article are a great starting point for understanding how your organization makes decisions.

However, there are other issues around culture that you as a practitioner must understand in order to gauge the effectiveness and value of risk activities in your organization.

With that in mind, I would like to offer the following three general questions to ask in addition to Norman’s questions:

  1. How involved is management in defining behaviors they want to see in the organization?
  1. Has management reached an agreement on how much risk to take to achieve goals? Is the Board on the same page?
  1. What methods are used by the organization to understand risk before making decisions?

These of course are just some generalized questions to get you started…

In the end, most questions for gauging the value of risk and performance management will be organization-specific. Example questions like the ones above or in Norman’s article are a good start.

However, only someone with some level of understanding of your organization’s decision-making process will be able to articulate questions aimed at gauging the value of any current risk and performance activities.

When developing your questions though, keep the following in mind…

Be deliberate about each word in a question…

The following video from performance coach Todd Herman explains how just one word can either change the meaning of something or narrow the scope of the inquiry.

While coaching athletes, public figures, or business leaders, Todd doesn’t necessarily listen for the content of the question, but rather the specific words people use to describe a situation. Understanding these words provides a glimpse into the paradigms and ways people view business and life in general.

For example, if someone uses the word “allow,” they are automatically placing restrictions on possible answers without even knowing it.

In a risk and performance context, asking “Have we identified all risks associated with this objective?” is going to put the idea in people’s mind that there must be a structured process. As I explain here, getting value from ERM doesn’t necessarily require a structured, rigid process. A question like this also limits the frame of reference since it is very risk-centric.

Instead of asking if all risks have been identified, you could ask if the most significant or relevant risks been identified.

Even better, you could ask “Have we discussed the most significant risks with this objective?” or “Do you have a good understanding of the most significant risks?”

Be deliberate in how you develop organization-specific questions. Taking an ad-hoc, on-the-fly approach will likely result in you asking questions that box executives into a certain frame of mind. This will not get you the information you need to accurately assess the value of your organization’s risk and performance management activities.

Are there any specific methods you have used to gauge the effectiveness and value of your organization’s risk and performance management?

Have you ever, in hindsight, used words that changed the meaning or otherwise placed limitations on the response to a question?

I am interested in hearing your thoughts on methods and questions for gauging the effectiveness of risk and performance management. Leave a comment below or join the conversation on LinkedIn.

If you are struggling to develop the right questions for your organization, or are otherwise stuck in understanding how well your organization is managing risks and opportunities, contact me to discuss your specific situation today.

Sign Up For Our Newsletter

Sign Up For Our Newsletter

SDS-Logo
about-sidebar-v2

Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More