In this article, we’ll look at common pitfalls in risk management and how best to mitigate them.

We spoke with Andy Oldale, Executive Director of Finance & Governance at Yorkshire Housing, about making risk management engaging, realistic, and relevant.

What is Risk Management?

The Association for Project Management (APM) defines risk management as:

“the focus on anticipating what might not go to plan and putting in place actions to reduce uncertainty to a tolerable level.”[1]

The main objectives of risk management include protecting and strengthening:

  • Values, ethics and sense of belonging
  • The entity’s tangible and intangible assets
  • Growth of organisational culture
  • Leadership and relationship
  • Effectiveness and efficiency of processes
  • Resources for strategic priorities
  • Stakeholder’s satisfaction[2]

Andy highlighted that the key to risk management is to not attempt to reinvent the wheel.

Managers can often be pressured by the board to do something entirely unique and diverge from the established frameworks.[3]

Whilst innovation can be great, it doesn’t mean making up a new definition of risk management. However, this doesn’t mean there aren’t opportunities to tailor risk management to fit your organisation.

Understanding the Board

A recurrent challenge can be understanding the board’s actual risk appetite. Simply, how much risk are the board members comfortable with?

Figuring out the risk appetite is vital as it should form the guiding light for overarching strategy and management decisions. It should be a constant benchmark to use when calculating whether a decision is too risky.

One reason this is difficult is that there is often disagreement amongst board members on what an acceptable amount of risk looks like.

To help with this, it’s important to ensure that the risk appetite definitions are clear and there is consensus amongst the board. This could include facilitating debate amongst members to help establish a strong understanding and agreement.

It’s also pivotal that the agreed-upon risk appetite is consistent with the overall business strategy. A more aggressive business strategy will lend itself to a greater risk appetite, and vice versa.

Andy was keen to point out that challenging board members with factual and evidenced examples of how greater or smaller risk appetite could impact the business can help to open their eyes to the realities behind their decisions.

Risk management should be presented as part of the business strategy.

Risk or Reality?

Analysing the risk register and deciding whether or not the correct decisions have been made in another part of the process can cause difficulties.

Andy gave the example of Brexit, which dominated conversations about risk and became the predominant event on companies risk registers.

However, the implications of Brexit became overshadowed by the newer and arguably greater risk of Covid-19.[3]

Contextualising these kinds of events and happenings is crucial, and both of these examples are no longer risks but realities.

Both were considered risks because of the perceived negative economic impacts they would cause.

With Brexit, these concerns were more heavily politically influenced with a case being made that it would be beneficial economically.[3]

With Covid-19 there was the obvious and immediate impact of the pandemic and lockdown restrictions, with many businesses having to close and put their workforce on furlough.[3]

What Andy emphasised was that these went from risk to reality very quickly, and it’s important to have consistent frameworks in place to differentiate between what could happen, and what is already happening.

Establishing whether something is a risk or reality can then help to uncover the consequences and decide whether or not the business needs to be worried, or to what extent these concerns need to be taken into account.[3]

Making Risk Management Exciting

According to Andy, risk management is ultimately boring, but it shouldn’t be.[1]

When carrying out risk management workshops or delivering presentations on risk management systems, it is vital to make them engaging.

Delivering an overly complex or drawn-out framework can lead to disinterested board members and a lack of overall stakeholder buy-in.

Risk management helps define how a business is run. Putting it in financial terms that will grab the attention of stakeholders, and putting it in terms that are easily understandable and measurable alongside business strategy can be massively helpful.

Elucidating that risk management is a business decision rather than a simple ‘tick-box exercise can help establish a better, more comprehensive strategy with greater input from more senior stakeholders.

Getting away from the impression that risk management is a regulator-enforced activity devoid of relevance to the actual running of the business should be a priority for risk management teams.

It should be embedded throughout the organisation through risk panels, keeping it as a standing agenda item in company meetings, and holding risk clinics and workshops regularly.

Gauging the audience and encouraging interaction during risk management sessions can also help them be more exciting. Something as simple as using technology to allow board members to vote on risk scenarios can help keep them interested in the session.

Building enthusiasm through an engaging and interactive presentation can make the work put in ‘behind the scenes’ of risk management pay off.[1]

Looking to the Future

Being open-minded and looking further afield than your own immediate industry can help to develop better risk management strategies.

There are a lot of resources online concerning risk management, and it is worthwhile having a watchlist to check regularly the latest updates across industries.

Designing risk management to suit your own business whilst drawing on the experience of others can also help it become more relevant and engaging, as well as a better part of the business strategy.


[1]APM.org.uk. 2021. Resources: What is Project Management?

[2]Modernisation Group on Developing Organisational Resilience. 2021. Task Team on Risk Management: Definition of Risk Management

[3]Oldale, Andrew. 2021. Executive Director Finance & Governance, Yorkshire Housing. Risk Management: Overcoming Challenges & Avoiding Mistakes

How useful was this article?

Please click on a star to rate it

In this case study we’ll look at common pitfalls in risk management and how best to mitigate them.

Register FREE to access 2 more articles

We hope you’ve enjoyed your first article on GE Insights. To access 2 more articles for free, register now to join the Government Events community.

What you'll receive:
2 FREE articles/videos on GE Insights
Discounts to GE conferences and GovPD training courses
Latest events and training course updates
Fortnightly newsletters
Personalised homepage to save you time
Need unrestricted access to GE Insights Now?