Communication and consultation

Effective risk assessments require collaboration among domain experts and those with access to necessary information. The risk management framework should address the communication plan for risk management in general.

Let’s call out some communication issues that are especially important for the risk assessment process.

Identify people for each stage

When we cover the stages of the risk management process in next lesson, you will want to think about the people that need to be involved depending on the stage and purpose.

For example, to brainstorm a list of potential legal risks might require only internal stake holders representing the necessary departments. When it comes to making a decision about spending time and money on a solution for a risk, then identifying the right external stakeholder is important.

The implication is that an “external stakeholder” can be outside the group doing the risk assessment, but still inside the same company, or a party outside the organization entirely. The scope of the risk management process helps define what “external” means in your case.

Beyond the stake holders, you should identify from where and from whom you will get the information you need to correctly assess a risk.

This might be as simple as naming the person charged with generating reports from your ERP ++spell out ERP++ system so you know how many transactions are similar to the one you are analyzing.

Domain experts in the business are also critical to forming an accurate view of a risk. A sales manager, for example, will have a more informed opinion about a sales practice in the field, than someone in finance or legal.

Identify the method for each stage

The team performing legal risk analysis should explicitly identify the method or technique used for each stage. Some are more useful than others.

The method should be tailored o the potential risk, the available resources, and skills of those involved.

An email soliciting a list of potential risks might be less than effective. The prompt is insufficient. The recipient’s state of mind is not focused on risk management. The level of detail in the responses varies widely. There is no real time interaction among participants.

An email survey after a live brainstorming meeting can, however, effectively elicit deeper analysis upon reflection.

Provide diversity and expertise

There is a subtle art to obtaining the right kind of risk management input. The facilitator needs to gather a team with a variety of expertise and foster differing opinions.

It is important to gather those opinions on each part of a risk assessment and have the team resolve them. The primary focus needs to be on the health of the organization.

Identify points of decision

The risk management plan developed as part of the risk management framework identifies specific decision points in the risk management process.

The team should know which juncture requires a decision, who has the decision making authority, and what information that person or level needs to make the best possible decision.

The risk assessment process must drive toward that juncture.