Risk – Abstract concept or Valuable asset

Risk ManagementRisk is the potential of gaining or losing something of value. There are two parts to that statement, firstly potential, and the second, value. Sounds simple. And to translate these two components into something that actually means something, these abstract terms need to be made real. They need to resonate with each pair of eyes and ears.

So what will it take for people to change behaviour based on someone else’s declaration of a risk? They not only have to understand the principle to change their behaviour, but also to internalise that principle; accept that a given risk could affect them in some way, either practically or emotionally.

With the user accounting for, in some estimates, around 70% of the total risk landscape in an organization, establishing that hook, making a given risk real to each person, is the trick for managing risk in the enterprise. Worthy statements of danger, quoting abstract catastrophes in far off places to organisations you have no connection with, are nigh on worthless. Make it personal, make it ‘close’ to the individual, and you’ll effect a change in behaviour. Otherwise, you’re relying on policy awareness and practice education, with monitoring and enforcement to drive both home. And that is hard, time consuming, expensive, and ultimately only likely to be partially successful. Build a practical program of cultural change, couched in a message that resonates at the individual level, and you won’t have to try too hard, for too long.

Another facet to a message, is not to preach. If you frame a message as an accusation, or warn that the demons of doom will befall them if they do something wrong, it will have a diluted effect. Persuade people of the genuine value to them, their clients, and to them personally, and you’ll gain momentum and keep it going, with a little constant nudging. Ingrain these risk-aware practices into your client communications as well, and you’ll add value to your brand as well.

Finally, wrap the message in a story, but keep it short. If you can relay your biography in a tweet, you’re in the ball park.

Gavin Whatrup

A Group IT director with nearly 30 years of IT operations experience. Currently working on an Office 365 migration, which will be central to our strategy of tighter collaboration within & between our agencies, as well as with clients and partners. It will also complement our broader use of a portfolio of cloud technologies. Data & analytics are key drivers in developing new insights & services for our clients and our own businesses. Any infrastructure development, be it cloud, on-prem or hybrid, has to allow for data solutions to flow across your organisation, wherever and however it operates. And with new initiatives in the use of Big Data, having an integrated approach to platform & infrastructure will be essential to maximising the ROI. Having strategies around mobility, flexible working & BYOx are key to employee engagement and productivity. However, securing corporate data needs to be front & centre in any such strategy. Having a comprehensive information security policy that incorporates this, should form part of the broader Governance, Risk & Compliance (GRC) model.

Have Your Say:

CIO WaterCooler