Risky Business – risk management for labs
We know that businesses often walk a tightrope between what must be done and what’s possible with the tools and resources they have available. This includes implementing risk management processes.
Labs face a particular set of challenges with compliance and maintaining NATA accreditation while still remaining competitive and viable.
We’ve put together this list of hints and tips to help you consider some of the risk management issues that your laboratory may face.
Number 1: Know your appetite
The decisions you make in risk management processes should be based on your organisation’s appetite to risk. Risk appetite defines the amount and type of risk that an organisation is willing to pursue, retain, or take.
Risk appetites should aim at improving business performance. This means that any definition or statement of risk appetite should be relevant to business units on a day-to-day basis. Risk appetite should link to business decisions and the appropriate metrics collected and shared. So how risky are you?
Number 2: Risk be gone!
Well, actually no. We live with risk every day from the moment we get out of bed. Risk management comes at a cost which is why prioritising risks is critical. Look at which risks to avoid if possible, which are acceptable and manageable, and which can be accepted with no special initiatives in place. The risks with the highest impact are usually surprises and not prepared for – so plan on surprises! Risk should be managed and not eliminated. The costs of elimination may be too high.
Number 3: Is it too difficult?
Risk management activities should be appropriate to the level of risk faced by your organisation, its size and complexity. To effectively manage any risk, the focus must be on identifying and managing the risk itself, not the results or the outcomes. There are risks in taking, not taking or deferring actions so you should consider this in the context of your organisation.
Number 4: Why are you doing it?
Risk management activities should align with other organisational activities. The approach should be comprehensive. There must be clarity about risk identification, estimation, measurement and control. Remember risks are both internal and external so prepare for both.
Number 5: Risk management is not an event
Embed risk management within the organisation and responsive to emerging risks. Clearly define your risk management process. Be sure it is defined, documented, and approved but should not be seen as a standalone function. Risk management activities should be an integral part of routine and ongoing decision making.
Number 6: Does it add value?
Your risk management activities must add value to the organisation and this must be clear to all employees. If staff understand how risk management applies to their role and its potential impacts, they’re more likely to take ownership. Processes must be user-friendly and easy to understand. They should take into account human factors such as reactions to events, failings, and the likelihood of errors.
Number 7: Risks must be reviewed
Continue to review, monitor and keep your risks up-to-date. This will ensure compliance with best practice. Make decisions with the potential change in risk in mind. But give consideration to the level of uncertainty or confidence associated with estimating that risk.
Number 8: Improve your process
As with all processes, there should be an expectation that the risk process can be continually improved. Gather and examine information from your internal audits and encourage open discussions with staff to gain their feedback. Are you getting the most out of your risk management activities?
Number 9: Is it really a risk?
For every downside there could be an upside. Consider if the risk is actually an opportunity to improve your organisation or gain a competitive edge. For example, staff retirement can leave a knowledge vacuum. Create a simple mechanism to capture and retain that valuable industry and corporate knowledge – this means that you can protect your productivity and operational efficiency.
Number 10: Don’t stop
Your risk management activities shouldn’t cease just because you’ve been ‘lucky’ for the past ten years. Continually measure your exposure as well as your history and prepare for any stormy seas that may lie ahead. Remember to make sure your risk management plan links to your goals and set up a way to measure its success. Provide sufficient resources for implementation across the organisation and explain about risk management to all employees including during induction of new staff.
BONUS TIP:
Risk transfer means moving risks to other organisations such as banks, insurance companies etc. This is only an option if the cost of doing so outweighs the financial impact of the risk. If the organisation decides to transfer its risk, it is critical to have properly constructed contracts. Seek out a legal knowledge source, someone that you trust, to ensure that you understand and cover your risk transfer. Our friends at Lab Law can help with this – email maree@lablaw.com.au
What if I need help?
That’s what we’re here for!
We’ve developed a training course specifically designed to help labs. Head to our Risky Business training page for more details on this course.
Plus we’re always available for support and advice. You can phone Maree on 0411 540 709 or email info@masmanagementsystems.com.au and we’ll be happy to help.
Remember, you don’t have to do this alone!
Download the article Risky business