We know that businesses often walk a tightrope between what must be done and what’s possible with the tools and resources they have available. This includes implementing risk management processes.
Labs face a particular set of challenges with compliance and maintaining accreditation while still remaining competitive and viable.
We’ve put together this list of hints and tips to help you consider some of the risk management issues that your laboratory may face.
Number 1: Know your appetite
The decisions you make in risk management processes should be based on your organisation’s appetite to risk. Risk appetite defines the amount and type of risk that an organisation is willing to pursue, retain, or take.
Risk appetites should aim at improving business performance. This means that any definition or statement of risk appetite should be relevant to business units on a day-to-day basis. Risk appetite should link to business decisions and the appropriate metrics collected and shared. So how risky are you?
Number 2: Risk be gone!
Well, actually no. We live with risk every day from the moment we get out of bed. Risk management comes at a cost which is why prioritising risks is critical. Look at which risks to avoid if possible, which are acceptable and manageable, and which can be accepted with no special initiatives in place. The risks with the highest impact are usually surprises and not prepared for – so plan on surprises! Risk should be managed and not eliminated. The costs of elimination may be too high.
Number 3: Is it too difficult?
Risk management activities should be appropriate to the level of risk faced by your organisation, its size and complexity. To effectively manage any risk, the focus must be on identifying and managing the risk itself, not the results or the outcomes. There are risks in taking, not taking or deferring actions so this should also be considered in the context of your organisation.
Number 4: Why are you doing it?
Risk management activities should align with other organisational activities. The approach should be comprehensive. There must be clarity about risk identification, estimation, measurement and control. Remember risks are both internal and external so prepare for both.
Number 5: Risk management is not an event
Embed risk management within the organisation and responsive to emerging risks. Your risk management process should be clearly defined, documented, and approved but not seen as a standalone function. Risk management activities should be an integral part of routine and ongoing decision making.
Number 6: Does it add value?
Your risk management activities must add value to the organisation and this must be clear to all employees. If staff understand how risk management applies to their role and its potential impacts, they’re more likely to take ownership. Processes must be user-friendly and easy to understand. They should take into account human factors such as reactions to events, failings, and the likelihood of errors.
Number 7: Risks must be reviewed
Continue to review, monitor and keep your risks up-to-date. This will ensure compliance with best practice. Make decisions with the potential change in risk in mind. But give consideration to the level of uncertainty or confidence associated with estimating that risk.
Number 8: Improve your process
As with all processes, there should be an expectation that the risk process can be continually improved. Gather and examine information from your internal audits and encourage open discussions with staff to gain their feedback. Are you getting the most out of your risk management activities?
Number 9: Is it really a risk?
For every downside there could be an upside. Consider if the risk is actually an opportunity to improve your organisation or gain a competitive edge. For example, staff retirement can leave a knowledge vacuum. Create a simple mechanism to capture and retain that valuable industry and corporate knowledge – this means that you can protect your productivity and operational efficiency.
Number 10: Don’t stop
Your risk management activities shouldn’t cease just because you’ve been ‘lucky’ for the past ten years. Continually measure your exposure as well as your history and prepare for any stormy seas that may lie ahead. Remember to make sure your risk management plan links to your goals and set up a way to measure its success. Provide sufficient resources for implementation across the organisation and explain about risk management to all employees including during induction of new staff.
Risk transfer means moving risks to other organisations such as banks, insurance companies etc. This is only an option if the cost of doing so outweighs the financial impact of the risk. If the organisation decides to transfer its risk, it is critical to have properly constructed contracts. A trusted legal knowledge source will ensure that your risk transfer is understood and covered appropriately. Our friends at Lab Law can help with this – email email@example.com
What if I need help?
That’s what we’re here for!
Register for Risky Business for Labs, our risk management workshop specifically for laboratories right here
For support and advice you can phone Maree on 0411 540 709.
Remember, you don’t have to do this alone!
Download this article Risky business