Systems and processes exist in our dynamic world. Each organization and situation is different. Just as there is not one risk management process that works for any organization, there also is the need for continuous improvement of an existing system.
When first designing a risk management process for your organization, you consider your objectives and adjust a framework to fit your needs. Over time your objectives and the surrounding environment changes, thus requiring a critical look at your process.
In the check step of the PDCA cycle, we reviewed our process and evaluated if the system is meeting our business objectives. In this step, we take action to improve the process. Removing unnecessary or redundant elements and implementing improved elements in the risk management process.
In theory, one could routinely look for improvement opportunities, yet in practice, it may require taking time to focus on implementing specific changes to the process. Set aside time each year to develop and implement elements of the overall process. Take what has been learned concerning what is working or not working so well, and make changes.
Indicators of the Need for Continual Improvement
Besides a routine, annual, evaluation and improvement activities, you may find that the current system is just not able to meet current business objectives. As the world, competitive landscape, and your organization changes you have to adjust and improve your risk management system.
Here are few indicators that a review and improvement stage has arrived:
- Environmental, Business model or customer requirements experience disruptive change
- There is a material change in reporting
- Identification or changes to chronic or systemic risks
- There is a substantive organizational change (new reporting lines and structure)
- There is a breakthrough innovation for a product offering
- There is a breakdown within the internal reporting structure
- There is a breakdown within the internal control mechanisms
The framework provides a means to craft a useful risk management program with your organization. It is tailored to your organization’s environment and situation. As the environment or situation changes so should your process. Carefully monitoring your risk management process and the context it operates will provide opportunities to implement improvements to your process. The intent is to have a vital process able to serve the needs of the organization even as the world about it changes.