By Erin Gloeckner
Of the conventional, commonplace risk management tools, the risk register seems to reign supreme. Typically a chart or spreadsheet that details risk information and management controls, I sometimes wonder why template risk registers continue to pique the interest of teams that have tailored and customized other aspects of their risk management programs. When collecting and monitoring risk information using tools like a risk register, we must be careful to avoid “Enterprise List Management,” a term coined by Jim DeLoach, managing director at Protiviti which refers to emphasizing the development and review of a list of risks, rather than effective decision-making through the consideration of risk.
How can we spruce up the tired risk register to both reduce list management and to inspire optimal decisions and risk management actions? Try the tips below, and share your risk register insights with NRMC at firstname.lastname@example.org.
- Know Your Audience: At NRMC, we often see clients using risk registers at the staff level as a means for recording and reflecting on risk information. Some teams also present those same risk registers to their governing boards. While board members might desire to drill down and review detailed information about risks of interest, typical risk registers are too granular to be effective as a risk oversight tool. If your board does ask to review a risk register, consider scaling it back and linking the content to your nonprofit’s strategic priorities. Inspire your board to make decisions about strategy risks rather than getting into the weeds of a risk register focused on operational issues.
- Inspire Confident Decision-Making: Abandon the risk register that simply inspires review rather than dialogue and decision. To get the conversation going, highlight specific content or themes in your risk register. As described above, linking risk to your nonprofit’s strategic priorities can help reviewers frame risk management decisions through a mission lens, rather than a vacuum (i.e., risk in relation to nothing). Estimating your team’s “risk readiness” or risk management effectiveness is another interesting way to spur reviewers to prioritize the risks and risk management activities listed in your register. Including risk indicators—such as warning signs or signals that your team is monitoring—will enable everyone involved in register review to report when they believe a risk is changing and warrants attention. Describing contingency plans you’ve put in place could inspire the confidence of your risk oversight team as they review your risk register.
- Get it Tailored: We advise clients and Affiliate Members to customize almost every aspect of their risk management programs and capabilities, including risk registers and comparable tools. One NRMC client is currently developing unique departmental risk registers with the input of each department. Through this process, department teams have an opportunity to showcase their ongoing and completed risk management efforts, and to develop a sense of ownership and commitment to maintaining their distinct risk registers. Like a statement accessory, style of footwear, or sunglasses that represent your unique style, it’s best to wear a risk register tailored just for you.
- Keep It Simple: Bottom line, if your risk register is a hassle to maintain and/or doesn’t seem to help anyone, then your team won’t—and arguably shouldn’t—use it. Keep it simple and practical by asking your team to help you refine the content and format that best suits their needs. If you require peers to use a risk register that slows them down or causes them irritation, then you risk eroding their interest in risk management altogether.
However you choose to revamp your risk register, make it all yours, not someone else’s. “Take the course opposite to custom and you will almost always do well.” – Jean-Jacques Rousseau