Risk management may seem simple enough in theory, but not all employees have the necessary skills and competencies to successfully apply it in practice. One of the key components in driving change is employee training and development.
Conduct training for “risk-champions”
Provide additional risk management training to the in-house risk management team and business units responsible for internal control, audit, finance, strategy and others. Risk managers may conduct it personally or outsource to third-party providers. In-depth risk management training should include (this example is based on the actual risk management training provided by Institute for Strategic Risk Analysis in Decision Making (ISAR) and RISK-ACADEMY):
Risk Management Foundations
Definition of risk
History of risk management
International and national risk management standards
Introduction to finance, project management and process management
Introduction to statistics
Risk Management in Decision Making
Identification of risks associated with decision making or goals/KPIs achievement
Risk analysis in decision making (sensitivity analysis, scenario analysis, Monte-Carlo simulations, decision trees, scoring models)
Risk mitigation and risk-based decision making
Disclosure, reporting, monitoring and review
Psychology and Risk Management Culture
Risk psychology and cognitive biases in decision making
Risk management culture
Principles of risk management ethics
Integrating Risk Management into the Business
Understanding the organisational appetite for risk
A roadmap for risk management integration:
Developing new and updating existing policies and procedures
Integration into decision making, planning, budgeting, purchasing, auditing etc.
Risk management roles and responsibilities, risk management KPIs
Integrating risk information into management reporting
Resources required for the implementation of risk management
Auditing risk management effectiveness
Risk management continuous improvement
Risk management software
More information about training programmes or to order training for your company go here >
If you are interested in sitting the G31000 certification exam after the training and receiving a risk management certification, go here >
Make risk training competency based
Just like any other business expense, a risk management training budget needs to be justified. And just like any investment decision, risk management training needs to show adequate return on investment. Training costs money: the development process, hiring trainers and getting employees to dedicate time away from their workplace to participate in training.
One useful way, suggested by risk managers we interviewed, was to make all risk management training competency based and setting KPIs to check for noticeable improvement in the quality of risk-based decision making. Each training session should start and end with competency tests. Surveys should also be conducted one month and six months after the training to test for knowledge retention.
Develop certification programmes for employees in high-risk activities
Another useful suggestion is to develop an internal risk management certification for employees working in high-risk activities. This will ensure staff working in high-risk activities, like manufacturing, trading, insurance, security and others, possess adequate risk management skills and remain aware of the risks associated with their work.
Certification programmes may be developed internally or outsourced. Depending on the high-risk activity the certification may be high level or in-depth, in any case it should test:
Understanding of legal obligations
Awareness of risks in the workplace
Ability to make quality decisions under uncertainty
Understanding the protocol for communicating and escalating risks
Evidence of moral and ethical behaviour
Use passive learning techniques
Make sure that risk management information is available to employees, contractors and visitors. Place Risk Management Policy on the intranet and the corporate website, record and publish risk management training or awareness sessions videos on the dedicated risk management intranet page.
Invite guest speakers (risk managers from other companies) to speak at the Audit Committee or Risk Management Committee and give employees the opportunity to participate. We have used this in the past and it worked very well.
Periodically post useful risk management related articles and research papers on the corporate intranet. Make the risk management information easily accessible to staff.
Be informed of the latest industry news, key updates and our product and version releases, by following us on LinkedIn, Facebook, and Twitter. You can also get them delivered straight to your mailbox here.