Risk management may seem simple enough in theory, but not all employees have the necessary skills and competencies to successfully apply it in practice. One of the key components in driving change is employee training and development.
Conduct training for “risk-champions”
Provide additional risk management training to the in-house risk management team and business units responsible for internal control, audit, finance, strategy and others. Risk managers may conduct it personally or outsource to third-party providers. In-depth risk management training should include (this example is based on the actual risk management training provided by Institute for Strategic Risk Analysis in Decision Making (ISAR) and RISK-ACADEMY):
Risk Management Foundations
- Definition of risk
- History of risk management
- International and national risk management standards
- Introduction to finance, project management and process management
- Introduction to statistics
- Insurance basics
Make risk training competency based
Just like any other business expense, a risk management training budget needs to be justified. And just like any investment decision, risk management training needs to show adequate return on investment. Training costs money: the development process, hiring trainers and getting employees to dedicate time away from their workplace to participate in training.
One useful way, suggested by risk managers we interviewed, was to make all risk management training competency based and setting KPIs to check for noticeable improvement in the quality of risk-based decision making. Each training session should start and end with competency tests. Surveys should also be conducted one month and six months after the training to test for knowledge retention.
Develop certification programmes for employees in high-risk activities
Another useful suggestion is to develop an internal risk management certification for employees working in high-risk activities. This will ensure staff working in high-risk activities, like manufacturing, trading, insurance, security and others, possess adequate risk management skills and remain aware of the risks associated with their work.
Certification programmes may be developed internally or outsourced. Depending on the high-risk activity the certification may be high level or in-depth, in any case it should test:
- Understanding of legal obligations
- Awareness of risks in the workplace
- Ability to make quality decisions under uncertainty
- Understanding the protocol for communicating and escalating risks
- Evidence of moral and ethical behaviour
Use passive learning techniques
Make sure that risk management information is available to employees, contractors and visitors. Place Risk Management Policy on the intranet and the corporate website, record and publish risk management training or awareness sessions videos on the dedicated risk management intranet page.
Invite guest speakers (risk managers from other companies) to speak at the Audit Committee or Risk Management Committee and give employees the opportunity to participate. We have used this in the past and it worked very well.
Periodically post useful risk management related articles and research papers on the corporate intranet. Make the risk management information easily accessible to staff.
Alex Sidorenko, Owner and Chief Risk Officer, Risk-Academy
Alex Sidorenko is an expert with over 14 years of private equity, sovereign wealth fund risk management experience across Australia, Russia, Poland, and Kazakhstan.
He is the owner and Chief Risk Officer at Risk-Academy, which provides risk management education and consulting services, and the Risk Management Advisor at Neironix.
In 2014, Alex was named the Risk Manager of the Year by the Russian Risk Management Association.
Be informed of the latest industry news, key updates and our product and version releases, by following us on LinkedIn, Facebook, and Twitter. You can also get them delivered straight to your mailbox here.
- Training & Competence
- Management of Change
- Occupational Health & Hygiene
Article originally published on the Risk Academy website, on 20 March 2017