Human Capital Risk Series: Focus on Complacency

By Lowers & Associates,

One way to think about risk management is as a set of procedures designed to mitigate risks identified in a threat assessment. In this view, the risk management program contains a set of rules that can be taught to the right people who can implement the procedures to reduce or eliminate risk.

Humans are good at inventing routines to make repetitive tasks easier or faster to complete. In the beginning, we spend a lot of time and energy working out how the parts of the puzzle fit together, what causes what, what can go wrong, and how to achieve the goal most efficiently, in this case, to mitigate risk.

Once the routine is designed properly, we test it.  If it works, we implement it and then begin the second phase of embedding the routine into a body of standard procedures.

… Continue reading

  Category: Risk Management
  Comments: Comments Off on Human Capital Risk Series: Focus on Complacency

3 Risk Management Practices of Industry-Leading Organizations

By Mark Lowers,

Managers in every organization are responsible for achieving the objectives identified in their organizations’ strategic plan. We commonly think of these as positive outcomes, such as increasing sales, maximizing profits, expanding market share, and the like.

But outstanding leaders know that there are threats as well as opportunities in the environment, and they work to manage these risks just as actively as they seek to maximize gains. For industry-leading organizations, avoiding or minimizing the costs of foreseeable risks is an integral part of the total performance of the organization.  Maximizing gain and minimizing risk are two sides of the same coin.

The risk management practices of industry leaders deserve attention. Here are some of the top practices:

1. Risk Management is Integral to the Strategic Plan

The most important thing effective leaders do to manage risks is to make it an explicit part of the strategic plan, and demand buy in from all levels of the organization. Risk management becomes a systematic effort that is pervasive through all operating units, from sales to marketing, supply management to manufacturing, and internal controls. It is given a priority commensurate with its importance, right in line with market expansion or critical support functions. All these functions are explicitly targeted for investment and effort.

To get and retain the visibility it deserves, industry leading organizations assign responsibility for risk management to a C-suite manager, and make it part of that role’s evaluation. In order for the risk management function to matter to an organization, it has to matter to someone whose job is defined by it. This helps to ensure that there is accountability for the performance of risk mitigation tactics and consistency in implementation.

2. Risk Management is a Planned Activity

Good leaders understand that the key to success is channeling the efforts and resources of every unit in the organization to the achievement of its strategic objectives. They use the strategic planning process to define measureable outcomes, but also to communicate organizational priorities to every level. This general approach has to be adapted to the risk management function.

At the highest level, the person in the role responsible for risk management has to initiate the process of defining risk mitigation objectives. This is based on a thorough, objective risk assessment process that occurs in every operating unit. Although the details will vary depending on the organization, there are some basic concepts that are common to all organizations:

Internal controls have to be reviewed for their risk exposure and ability to mitigate those risks. Obvious places for control reviews are in financial, accounting, and IT functions, but these functions permeate the organization from sales to C-suite. … Continue reading

What Your Risk Management Strategy Says About Your Company

By Mark Lowers,

Your risk management strategy sends signals to internal stakeholders, customers, partners, investors, the public at large, and sometimes a courtroom about what’s important to your organization.

A visible, well-designed risk management plan tells people that you are serious about managing the organization to protect what’s important and minimize losses.

Think of it this way. You would always expect someone like a potential partner or customer to evaluate your organization to determine how well it can deliver its promised goods and services. You would expect them to measure the opportunity you offer against alternatives in the same market.

The flip side of that ability to produce an outcome (i.e. promised goods and services) is the ability to minimize the threats against it, or in our parlance, to mitigate the risks. To anyone who is looking at your organization closely to decide whether to work with you or not, your strategy to mitigate risk is an integral part of the whole picture. An organization with a strong risk management strategy is a better partner or supplier, more trustworthy, and more likely to deliver on its promises.

How do People See Your Risk Management Strategy?

There are a number of ways people see your risk management strategy in their interactions with your organization. Here are a few of the important ones:

Contract negotiations

If your contracts are tight and include identification of risks and steps to mitigate them, your potential partner or customer gains confidence in both the process and the probable outcome. Most contracts these days go through a legal review that will insert typical clauses about liabilities. But going beyond the usual to identify risks to the partnership the contract represents, e.g., a third-party vendor, strengthens the impression of your organization.


You probably try to establish beneficial partnerships with suppliers, distributors, shippers and others whose cooperation helps to get your product to market. These partners will learn about your risk management strategy in how you set up joint processes to minimize threats. They will also understand that they are under scrutiny as potential risks as well.

Customers and prospects

If you are transparent in identifying the potential risks in a transaction and how you will address them, your customers will gain confidence that you know what you are doing. You will be seen as a reliable vendor.

Hiring process

Careful screening of candidates and employees sends a message to prospective applicants, fellow employees, and the public about your desire to create a safe and productive workplace. Lacking a defined employment screening process can leave you open to attracting candidates who are specifically looking to bypass such potential hiring barriers.


Your insurance company may require a risk management plan, or specific risk mitigation tactics, before issuing a policy. However, beyond that, the quality of your risk management strategy could earn you more flexible underwriting and possibly even a better rate. Insurers understand risk!


Your peers in your market know your business almost as well as you do. Your reputation with them is an important asset, and how you manage risk will be part of it.

Ultimately, it’s a matter of trust. A risk managed business or organization is simply more reliable.