A to Z of Customer Experience

A to Z, Business Strategy, Business Continuity, Information Security, Marketing, Social Media, Business Transformation

Customer experience encompasses every aspect of an organisation’s offering – the quality of customer care, of course, but also advertising, packaging, product and service features, ease of use, and reliability. How can you drive a consistently good and improving Customer Experience for your customers or prospects?

In this A to Z I’ll give you some of the answers and some tips from Think Oak!

A – Attitude

I could start and finish this post with ‘A’ for Attitude.

Not many people wake up in the morning and say “Today, I want to make life miserable for our customers.” Yet every day, employees at all levels of organisations make decisions that end up frustrating, annoying, upsetting or losing their customers.

Changing people’s attitude is much harder than teaching them new skills. It is much easier to get staff to do the “right” things when you have hired people with the “right” attitude and who have a history of behaving the “right” way.

You need to recruit people who understand that the aim in business is to have profitable customers who stay with you for a long time and, therefore, who realise that looking after existing customers so that they come back again and again is the Number One priority.

Dealing with employees with the wrong attitude also needs to be a high priority for you as a leader. Tough conversations and ‘attitude’ management are a must if your are serious about a great customer experience.

B – Behaviours

I’m a raving fan of all things Disney, and Disney takes behaviours and training extremely seriously and they do it very well. So much so that their methodologies are used in many other companies and organisations around the world.

Disney has ‘Cast Member’ and ‘Management’ behaviour guidelines that they have recently updated and rolled out across their theme park employees and managers:

The Disney Service Basics

  • I project a positive image and energy
  • I am courteous and respectful to all guests, including children
  • I stay in character and play the part
  • I go above and beyond

The Disney Leader Basics

  • I demonstrate commitment to cast members
  • I know and manage my operation, and I teach it to cast members
  • I lead and monitor cast performance and operational improvements

Within each ‘Basic’ behaviour lay some underpinning ways of working / behaviours that are expected from all employees:

As an example, within ‘I go above and beyond’ are principles such as:

  • Anticipate needs and offer assistance
  • Create surprises and Magical Moments
  • Provide immediate service recovery

Almost wants you to become a customer straight away!

In summary, consider the following:

What behaviours are central to your Brand Vision?

Do your people know, understand and embrace these behaviours?

What are you doing every day to embrace your organisation’s behaviours and set an example to your people?

How do you drive collective positive energy around your organisation’s behaviours and more importantly are you hiring, developing and firing on behaviours?

C – Customer Centric Culture

How many company vision statements state something along the lines of, “We put the customer at the heart of our business…” and how many companies truly organise themselves around the customer?

I would advocate 5 steps to get you started:

  1. Talk to customers yourself as often as you can and not about your products and services – Get to know their business and their priorities and challenges
  2. Talk to your customer facing people just as often – sales, customer services, cash collection, engineers and so on. What barriers, issues, challenges, ideas, compliments and complaints do they get from customers
  3. Get your people whether customer facing or not to talk to customers at least once a month and if not talk, listen in to customer calls
  4. Make ‘Customers’ a standing agenda item in ALL meetings
  5. Elect some Customer Champions from your best people and get them actively engaged in your most important projects championing the voice of the customer above all else

D – Delight

There’s a difference between consistently meeting customer expectations and delighting customers, and the outcome is the difference between a satisfied customer and a promoter – a ‘Raving Fan’.

Customers expect to have their requirements met. It’s a hygiene factor. You expect your local ATM to work and have money in it. You expect a company to know your spending history when you have a query. You expect your hotel room to be clean when you have an over-night stay. When this isn’t the case you may move your customer from satisfied to a detractor, who is very likely to leave you over time and tell others about their dissatisfaction.

A satisfied customer is likely to leave you at some point for pastures that little bit greener. A promoter, a Raving Fan, will not. They will be loyal and they’ll talk about you positively to whoever will listen.

How to delight a customer will vary widely depending on your products and services, but always be looking for the edge, differentiators that matter. Get your people to do the same.

I would suggest two areas to think about:

  1. Fix the things that cause your customers to call you or cause them pain. Be easy to do business with. I’ve been an Amazon customer for over a decade now, and I’ve had to call them once and that was nine years ago. I literally spend thousands of pounds a year with them and they are so easy to do business with. I’ve never once understood a fuel or electricity bill and consistently feel frustrated with the whole industry. The day Amazon start selling fuel and electricity, I’ll move!
  2. Find ways to delight – it could be as simple as a free cookie on check-in like Double Tree by Hilton or a full valet when you take your car for a service. They stand out….for now. Finding ways to keep raising the bar in customer experience for your industry will ensure you maintain and grow market share as well as increased share of wallet.

E – Engage, Enrol and Enthuse Employees

You can have the best Customer Experience strategy and tools in the world, but without the understanding, buy-in and passion of your employees your strategy is worthless.

Please see a previous post ‘Communicate or Fail’ for some top tips!

F – Fail Fast

Don’t get me wrong, failure isn’t a good thing, but procrastination in getting a new product out of the door or not doing something because you haven’t got all the data isn’t a good thing either. Allowing yourself to try new ways of working, marketing, new products or service enhancements in a small way, and finding out quickly what works and what doesn’t from a customer perspective will help you to fail fast, tweak your proposition and try again. Once you’ve discovered what works in your marketplace you can then widen this out further and invest more energy and money into being successful AND providing a better a customer experience.

G – Goals, Objectives and Measurement

If you’re a regular Think Oak! reader, you’ll know my passion for having goals, objectives and that you must measure progress against them. This is especially true of Customer Experience. Many organisations large or small, think that if you hire the right people and put in the right processes that Customer Experience will take care of itself. Wrong. If Customer Experience is to be truly part of your organisation’s DNA, then you need to have at least one strategic objective embracing it with underpinning goals that are regularly measured and an owner whose ‘raison d’être’ is to live customer experience. For some organisations this is where accountability stops. For Customer Experience to be embraced by everyone and for an organisation to be truly customer centric, at least one of everyone’s personal objectives should be around improvement of the customer experience.

H – Heroes

Heroes, your high-performing customer facing employees, can have a huge impact on Customer Experience, and when nurtured and recognised can truly accelerate cultural change in an organisation.  When a company celebrates sales, they sell more – but perhaps at the expense of delivery issues.  When it celebrates product management, new products come out quickly – including those without customer demand.  But companies with a great customer experience use the customer feedback to understand their level of customer satisfaction, and then celebrates those who engage customers at a superior level. Who are the often unsung proponents of customer experience in your organisation? Is it the receptionist, whose sunny disposition brightens up the day of every customer the speak to? Is it a security guard that always goes out of her way to be accommodating for unexpected customers arriving at your car park? Is it a sales person that goes the extra mile to ensure that the customer gets what they’ve paid for on the day they’ve been promised it?

Find these people and make them an example of ‘what we do around here’ and what good customer experience looks like. Tell these stories in company emails and newsletters. Reward your heroes and put them through further development, give them new opportunities to shine and you’ll be amazed at the halo effect these people have in your organisation in a short period of time.

I – Industry Insight

Keeping abreast of what competitors and industry thought leaders are doing and saying is crucial in order to stay ahead of the game with your customer experience.

If we look at the demise of Comet or Jessops as an example. Today’s fast-paced retail market demands an environment that provides shoppers compelling reasons to buy in-store and to convert that sale. By offering too little information on products and poor employee training, retailers like Comet force customers in-store to use their smartphones to check reviews, product specs, and inevitably competitor and price comparison websites. All too often this approach will result in the customer leaving empty-handed and looking to purchase elsewhere.

To survive, high-street retailers, as well as other industries, must operate as a cost leader and adopt a genuine integrated multi-channel approach. They must think about how shoppers want to buy and to be treated – Apple’s showroom approach is a great example of an engaging environment and people that enhance brand loyalty.

J – Joined up Experience

In today’s ‘hyper-connected’ marketplaces, customers can interact with your organisation in multiple ways.

They expect a certain level of service using each of those channels :–

  • If they tweet to your service department, they expect a response within seconds or minutes
  • If they email you, they expect a response within the day or sooner and so on.
  • They also expect you to know who they are when they contact you
  • How many of your products and services they use
  • How much they spend with you and ideally know why they might be calling you

How do you ensure that you deliver your brand values across all of these different media with the right customer experience for them as individuals?

Even though most companies have created systems to address most of these channels and touchpoints, they often created them independently, making it difficult to maintain consistency and know what happened in other interactions to improve the next interaction. This often results in duplicative systems and processes, which are not only inefficient, but also costly. The lack of a seamless dialogue between the customer and you across all touchpoints creates customer frustration, which results in lost sales and lower customer satisfaction.

K – Knowledgeable

Unlike the customer of a decade ago who did not have easy access to product information and multiple avenues by which to locate and purchase products, the customer of today can easily access information, compare prices and formulate product or service questions in the comfort of their home, office, train or local coffee shop.

Today’s customer wants the convenience of researching and making purchasing decisions without having to leave their home or office. Does your web presence allow them the ability to acquire enough knowledge about your product or service to make a purchasing decision? Is it possible to make a purchase right now? Twenty-four hours a day? On the other side of the world?

Because your customer has the ability to perform their own research regarding your product or service, they expect your employees to know even more! Have you ever asked questions regarding a product or service only to feel that you knew more than the employee? Your customer expects your employees to be experts. Are your employees trained properly? Do they know the history of your company? Do they know how your products are made? Materials required to manufacture the product? Can they provide comprehensive answers regarding your service concept? Are they familiar with your competitor’s products/services and how they compare to your offerings? When today’s customer interacts with your company, they want assistance from  competent,  knowledgeable employees.

L – Listen, Think, Do and Learn

This 4 point plan is very effective in ensuring you keep focussed and continuously improving your organisation’s customer experience.

Listen – Capture customer feedback and sentiment as often as you can, wherever you can. Obviously regular formal research, is very useful (See A to Z of Marketing), but any interaction with a customer is an opportunity to capture information that could be useful to your organisation.

Think – Gathering information and reporting it to ‘management’ is all well and good, but without analysis, thought, insight and recommended action, it’s pretty useless. Certainly from a customer’s perspective. This is not a one-off activity!

Do – Once you’ve listened and thought, you need to act on this insight. What are you going to do differently? You need a plan, you need to execute against it and you need an owner to drive it through.

Learn – Any changes you make to the customer experience need to be measured and improved upon which takes you back to Listen – get feedback on your changes. Has the customer experience been improved? By how much? For which customers?

M – Moments of Truth

“A Moment of Truth is a chapter in which the customer comes into contact with any aspect of the company, however remote, and thereby has an opportunity to form an impression.” – Jan Carlzon, former President of Scandinavian Airline System

Each customer contact is a unique, unrepeatable opportunity for a company to differentiate itself from the competition. Every decision should be made with the customer in mind and viewed as another opportunity to make a favourable impression. Unfortunately, failure to satisfy a customer on any Moment of Truth will quickly destroy the customer’s memory of good service. On the other hand, getting it right can erase many if not all the wrongs that the customer previously experienced.

N – Net Promoter Score & Customer Satisfaction Measures

Net Promoter Score (NPS) is used by many of today’s top businesses to monitor and manage customer relationships. It is a useful measure of the likelihood of successful WOM (Word of Mouth / Word of Mouse) of your customer base (see W). I would argue that it is only one measure of customer satisfaction that you should be measuring, as by itself does not give you the breadth of detail you’ll need to address any issues that arise.

NPS is calculated from a single loyalty question, “How likely is it that you would recommend this company to your friend or colleague?” Based on their rating of this question using a 0 to 10 likelihood scale where 0 means “not at all likely” and 10 means “extremely likely,” customers are segmented into three groups:

Detractors (ratings of 0 to 6)

Passives (ratings of 7 and 8)

Promoters (ratings of 9 and 10)

A company can calculate its Net Promoter Score by simply subtracting the proportion of Detractors from the proportion of Promoters.

A successful Net Promoter program includes several factors that work together. Although NPS is useful, the most prevalent cause of failure in Net Promoter programs is the inability of the organisation to go beyond the metric and build out a complete operational model with NPS as its centerpiece. The breakthrough in Net Promoter comes from shifting the entire program from a research model to an operational model and embedding it in the business.

O – Online Experience

As the online channel has evolved, the customer journey has become more complex, and we’ve seen customers exert increasing power and influence over their relationships with brands. Below are 3 core areas of focus that you should think about for your organisation’s online strategy.

First, realise that it’s no longer acceptable to deliver a one-size-fits-all online customer experience. Instead, you must demonstrate that you know your customers by providing them with a relevant and personalised online experience that takes their preferences, behaviour and past history with your brand into account.

Second, understand that social networks like Facebook and Twitter have raised customers’ expectation levels for online interaction both on and off of social networking sites. To fulfil these expectations, provide your customers with an online experience that makes it easy for them to interact socially with your brand by incorporating user-generated content capabilities such as ratings, reviews or comments into your web presence.

Lastly, with the widespread use of mobile phones and tablets, the online experience is no longer restricted to the traditional web presence accessed on desktops and laptops. Instead, today’s customers are taking the online experience with them wherever they go in the form of a mobile phones, tablets and televisions.

P – Personalise where possible

As I stated earlier, making an experience a personal one for a customer, can really drive customer loyalty and customer recommendations.

Personalisation isn’t simply a case of adding a customer name to the top of an e-mail. It’s now possible for organisations to communicate with their customers about their individual interests and preferences.

The degree to which the experience is able to be tailored towards the needs of the individual and reflects their particular circumstances will vary by market. Customers of Amazon have long marvelled at how the recommendation engine is able to find items that seem to particularly appeal to them as individuals are then able to set a delivery date that meets their requirements for time and cost. Regular customers at the Ritz Carlton love that their favourite drinks and snacks are already in their bedroom when they arrive. Almost every customer I’ve met of the bank First Direct is a Raving Fan. Why? Well they’re treated as individuals, they feel listened to, their issues are resolved first time.

Q – Quirky but Quality

Innocent drinks are now hugely popular in the UK and sold in 14 other countries around the world. When they started selling smoothies, this was not the case. The founders sold them at music festivals whilst holding down full-time jobs. Their founding mission was to serve their customers high quality natural, fruit ‘smoothie’ drink prepared with the best quality raw materials within an affordable price and gradually increase their market share every year. At the heart of the business was a quality, healthy product that did people some good.

Innocent Drinks are known for their quirky, tongue in cheek approach to branding and marketing. They nurture a ‘friendly’ image – Instead of printing the normal small print list of ingredients, Innocent instead print their text in a larger font and include jokes and other amusements in their lists of ingredients. An example, from the blackcurrant flavoured spring water drink, is the inclusion in the ingredients list of ‘1 woolly jumper*’. Following the asterisk gives the reader the word ‘baa’. Sheep are not, of course, an ingredient in the drink. This is one example from hundreds they’ve incorporated into their brand and culture to make them a brand that customers want to be associated with.

R – Relationships

If you haven’t worked it out yet, business is all about relationships. The depth of relationship is proportionate to the loyalty of your customers, the deeper the better. Below I’ve outlined the Think Oak! 6 levels of Customer Relationship:

Mark Conway, Think Oak, Customer Relationships

S – Single View of a Customer

In today’s hyper-connected world, customers can interact with a brand, through multiple channels. They do not split their dealings with a brand into experience by channel, they just experience ‘the brand’ as a whole. It is true that some channels will be stronger than others within a brand’s marketing mix, but the strength of the experience is weighted by the weakest channel across customer interaction. For the single customer view, this means that brands must focus on a unified customer experience and appreciate the role of the individual within that process. The quality of each channel must be consistent whether Facebook page, Twitter stream, mobile application or sales assistant in the retail outlet, and the focus should always be towards the customer.

Investing in the tools and technology to make this happen will give you the return on investment several times over, especially as many of these tools are much more readily available and affordable than ever before.

T – Technology can help, but only so much

Competing in the ‘Age of the Customer’ relies heavily on your ability to deliver technology that improves the customer experience.

In order to deliver this, you must understand your customer experience ecosystem – the complex set of relationships among your company’s employees, partners, and customers that determines the quality of all customer interactions.

With constant technological advances, businesses have a variety of ways to instantly transform the way their customers interact with their businesses. For example, you can use social media for real-time communication with your customers or adopt a customer-relationship management system to manage customer preferences.

Here’s the catch. Your people need to understand that the importance of capturing, cleansing and using the information in the systems. Technology can help, but you need well-trained and motivated teams to truly transform your customer experience.

U – Understand Customer Needs and Desires

The ability to understand and share the feelings of customers is essential to providing better customer experiences. If you understand your customers, you’ll be well equipped to give them exactly what they need. Here are 3 specific ideas that you can use to engage with customers to build a deeper level of understanding.

1. Share customer insights

Customers share their experiences with companies all over the Internet. It’s likely you’ll need special technology to mine through thousands of social media posts, product reviews, e-mails and so on, but doing so can help you gain insight into what your customers think/feel about your organisation. Collect and share this data with everyone in your company and talk about ways you can use it to improve customer experience.

2. Become a customer

Mystery shop yourself and your competitors and track your experiences. Walking a mile in your customers’ shoes is the fastest way to gain insight into their perspective and how they experience your organisation first hand.

3. Create a life-sized map of the customers’ journey and walk through it

Make a detailed illustration of your customers as they travel through different parts of your organisation. Map out their experiences. Have employees walk through the customer journey, describing and discussing what they see from the perspective of a typical customer at any given touch point. You’d be amazed at what you’ll find!

V – Values

Do you have Brand Values in your organisation? Are they customer focussed values? More importantly do your people display these brand values? If you answered no to any of those 3 questions, you have some work to do.

See previous Think Oak! post – Strategy AND Culture For Success

W – Word of Mouth / Mouse

More than at any time in history, Word of Mouth and especially Mouse is having a huge influence on purchasing decisions and behaviour of customers and prospects. Whether as a consumer or a business decision maker, I seek the opinion of those I trust before I make a purchase decision. Do you know who influences your customers and where? How do you influence these influencers?

Whether offline or online, you need to understand who these people are and who they’re connected  to. I would really recommend Malcolm Gladwell’s book, ‘The Tipping Point’ to understand the power of the Maven – the information specialist, and the Connector – a human social hub, the people who know everyone and have large personal, business and social networks.

X – Xtra Mile Experiences

What can you and your people do to go the Xtra Mile for your customers? To get your creative juices flowing, I’ve listed just some of the ways others do that little bit Xtra:

  • Some restaurant chains offer you a free drink or free dessert if your table isn’t ready when you arrive
  • Complimentary Choc-Ice to watch your in-flight movies on Virgin Airlines
  • Stay at a Disney Hotel and you can enter an hour earlier to the theme parks
  • Zappos have removed all the barriers to buying shoes online. They offer free shipping and free returns
  • Tiffany provides (in addition to the little blue box) free lifetime cleaning of your rings

The above examples are ‘processes’ to deliver that little bit extra. What about the non-standard Xtras? Empowering and training your employees to make their own decisions to sort customers’ issues out allows them to create Xtra Mile moments of their own. Check out ‘Stories that stay with you’ from Ritz Carlton

Y – Yes it matters!

By now you should realise, if you didn’t already, that Customer Experience matters. You can differentiate on customer experience and you should! It should form part of your organisation’s strategic objectives, it should be front of mind alongside growing revenues, managing costs and pleasing your key stakeholders, because whether you like it or not, customers are stakeholders in your organisation – without customers, there is no organisation.

Z – Zero to Hero

Even the best organisations get it wrong sometimes. How you recover from a customer-affecting issue can mean the difference between a customer being a vocal detractor and a promoter of your organisation.  In my experience there are several steps you should follow to turn a situation around – BALANCE:

  1. Be Proactive – The best way to avoid a problem becoming a disaster is to be proactive. Build monitoring into your processes so that you can quickly find the route-cause of problems when they occur.
  2. Act Quickly – Don’t wait for an army of customers to complain about the same issue before your start to act. Reacting quickly to a problem might mean you can contain the problem to a small number of customers. Ensure that you have built training and escalations into your problem resolution processes so that decisions can be made quickly.
  3. Listen to Customers – Ensure that you listen to your customer.
  4. Apologise – Effectively communicating empathy and apology throughout the service recovery can rebuild customer relationships and trust. Assure your customers that their problem is important to the company and that it will be addressed.
  5. Neutralise the problem
  6. Communicate – If the problem cannot be resolved quickly, keep the customer updated on progress at regular intervals until it’s resolved.
  7. Exit Effectively – Once the problem is resolved, give the customer the best explanation you can, compensate them if appropriate and give them the confidence that this will not happen again.

When you resolve failures quickly and effectively, acknowledge and apologise for the problem, and then respond to their critical need, most customers will pay you back with continued or increased loyalty, goodwill and even perhaps, repurchasing.  Even major service failures are opportunities to show the reliability of your customer support functions and provide the most positive experience possible, moving you from Zero to Hero!

I hope you enjoyed this A to Z, and as always would love to hear your feedback and stories of great Customer Experiences!

Avoid the Mushroom Culture – The Seven Deadly Sins

Mushroom CultureI’m sure many of you have heard people say:

Nothing stifles an organisation’s possibilities more than poor communication. Actually that’s not strictly true. Three things do – telling lies, partial truths or nothing at all.

In this post, I’d like to highlight some of the common pitfalls around communication or lack of it.

Common Communication Pitfalls – The Seven Deadly Sins

1. Not Communicating The ‘Why?’

As Simon Sinek says in his fantastic leadership book , ‘Start with why‘:

‘People don’t buy what you do, they buy why you do it’.

In your organisation, do your people know the ‘why?’ Do they know why they didn’t get a pay rise this year? Do they know why headcount needs to be reduced? Do they know why you’ve just restructured the organisation? Do they know why their job is important to the organisation? Do they know why your organisation exists at all? Do they know why customers buy from your organisation?

As Simon also says in his book, and I paraphrase – ‘Every single one of us knows what we do. Most of us know how to do our jobs, but how many of us know the ‘Why?”

When communicating any message, good or not so good, it’s hugely important to impart the ‘why?’. In my experience, people who are motivated, passionate, and really good at what they do, tend to understand the ‘Why?’. In fact I’d go further and say that I believe the ‘Why’ drives the passion and motivation. It might be a personal ‘Why’, but it will be there.

In today’s economic climate, most people understand that difficult decisions need to be made, but you need to tell them AND the authentic reason for them to buy-in to the message.

2. Communicating Too Slowly or Not At All

People assume the worst when they hear nothing. Good and passionate employees want to know what’s going on in their organisation, and beyond their department boundaries. They want some visibility into the organisation’s plans and where they fit within them. Senior managers who can’t  or won’t discuss their organisation’s goals, strategies, vision and performance are all but guaranteed to spend a great deal of time recruiting. Marketable top performers want to be engaged and involved and won’t stand for being left in the dark without the information they need to do their jobs well.

Just as damaging can be when senior managers hold out for so long on making an announcement that employees start walking the corridors for information. Very often, they are forced to draw their own conclusions (and often the wrong ones!) about the reasons for what’s going to happen or has happened. Perceptions about the company withholding information are often more damaging than providing the “negative” news in the first place.

3. Not Being Honest

The very worst you can do in communicating a message is to lie and only marginally better, to not tell the whole truth. You WILL be found out, and your personal credibility and /or that of your organisation will be damaged, possibly irreparably.

I will make a bold statement. Your people can handle it. You don’t need to couch your message in fluff or half-truths. If your organisation is publicly owned or the message or timing is sensitive, be as honest as you can be without breaking confidence or legislation AND when you are able to say something more, make sure that you do at the first opportunity.

4. One Size Fits All Communication

People process information differently. For some of us, we like to be walked through in a great level of detail in order to fully understand a change or a message. For others a quick email will suffice. For others they may need to hear the message a number of times before the impact of a change on them is understood. Organisations that send out a  single global email imparting important news are failing to get their message across and failing their people. A mix of communication channels need to be thought about carefully when delivering important news or change. Face to face communication is always best, but with the geographic spread of many organisations and service organisations with call centres and shift patterns, this may not always be practical.

I find that a mix of communication channels is the most effective. Further detail on communication channels can be found in a previous post Communicate or Fail Part 1 and Part 2.

5. Assuming Your People Wouldn’t Understand

Organisations don’t employ stupid people. If they do, that’s a whole different blog topic and a short-lived organisation! People have mortgages, children, debt, cars, bills to pay, personal challenges to deal with, bereavement, stress, relationship challenges…I could go on. They can deal with difficult messages. They may need support, but they can handle it! They are also very aware of when a message is being dumbed down or the full story is not being told. If you have a complex message to deliver, make sure that you consider how the message is going to land, what reinforcement might be needed, whether you need to engage with external agencies to help you and what you want and need the outcome to be.

6. Not Checking That The Communication Has Been Understood

I am astounded at the number of businesses that do not measure whether messages or change initiatives are understood, never mind effective. In some cases huge sums of money are spent on internal ‘campaigns’ that are completely ineffective at best or actually have a negative impact on the people that they are trying to motivate. It’s hugely important that all communications campaigns – either external or internal are measured. Even anecdotal feedback from across key influencers within your organisation will give you an indicator of how a message has landed and whether further work is required.

7. No Reinforcement Of Communication By Managers and Supervisors

The ‘Marzipan’ layer as I call it, is rife in many businesses and public sector organisations. Information often stops at the senior management layer and gets no further, at least not consistently if it does. It’s not news that managers are key to effectively delivering messages and engaging employees. When leaders and managers convey confidence to employees, they build trust, which can help stoke employee engagement. In many ways, managers and more importantly team leaders and supervisors are the face of the organisation for employees, vital for translating mission, values and strategy into behaviour and action.

The best companies recognise this connection and go beyond simply providing managers with information to pass along to employees. They prepare managers to move away from cascading corporate messages and toward sharing the meaning of these messages with their team – back to the ‘Why?’. This requires engaging with managers, listening to their reactions, supporting their personal change journeys and crafting content that can be delivered in a manager’s own voice.

By avoiding these 7 deadly sins you’ll have a much better chance of engaging your employees in change.

As always would love to get your feedback and thoughts so please give us your thoughts. Until next time…

007 ~ An Agent For Change

Change Agent, 007, Live and Let Die, Oak Consult, Mark Conway, Organisational Change, Effective Listening, InfluencerThe original version of this post was a partial celebration of the 50th Think Oak! post together with the 50th Anniversary of the James Bond Movies. What better way to celebrate than to talk about very special agents, Change Agents!

Firstly what is a Change Agent?

A Change Agent is a person who leads change within an organisation, by championing change and by helping to communicate the excitement, possibilities, and details of the change to others within the organisation. A change agent doesn’t need to be a full-time, formal role. It can be simply the way someone chooses to be in an organisation.

What are the personal qualities of the ‘007’ of Change Agents?

The Best  Change Agents ‘LIVE AND LET DIE’

L – Love Change!

Probably not a surprise to you that the best agents of change, love change! They thrive on being involved in new ideas, initiatives and projects and are not afraid to roll their sleeves up to get the job done.

I – Innovative

I’m not talking of their ability to develop exploding pens, but innovation in the way they communicate, engage and enrol others in the change effort. They don’t just come up with ideas, they know how to apply them.  Great Change Agents are curious, experimental, and they apply their discoveries to the organisation’s goals.

V – Visionary

Great change agents help to shape the future. They can see very clearly where the change effort needs to go and have a clear vision of what the future will feel and look like, and more importantly the key steps to take the organisation there.

E – Enthusiastic

Change Agents need to have enthusiasm in abundance. It can often be a tough role and often requires a great deal self-motivation to keep momentum in an organisational change effort.

A – Articulate

Communication is THE most important part of being a good agent for change. The best of the best have the ability to articulate the WIIFM – ‘What’s In It For Me’ at all levels of the organisation. They know what makes people tick and know how change will impact individuals and teams alike.

N – Not afraid to speak the truth

This one is certainly near the top of my list for a killer Change Agent. Change Agents, by their very nature, speak to people on the shop floor right the way up to Chief Executive level in organisations. They hear what the ‘troops’ are saying and they see how the senior management interact and behave. By being effective, and by speaking the ‘awful’ truth when necessary, they can be the conduit from the bottom to the top of an organisation, conveying key news, good or bad, straight to the people who can change things for the better.

D – Deliver + 1%

Bond always delivers and then some. So do great Change Agents. They always go the extra mile to ensure that everyone that is impacted by change are engaged, enrolled and bought in to what is required of them. They work tirelessly to engage with the key influencers to ensure that the organisation is as prepared as they can be for change.

L – Listening

Those that are avid readers of Think Oak! know of my passion for generous or active listening. Great Change Agents are masters at listening for what is being said and more importantly for what is not being said, taking time to really understand the challenges that individuals, teams, departments and functions face. They take this feedback and tailor communications and training as well as feeding the learning back into the wider organisation.

E – Empathetic

To many people, change is unsettling at best and to some, downright scary. A solitary piece of generic communication to the organisation is unlikely to affect change and unlikely to address people’s questions or concerns. Change Agents invest time to understand people’s worries and address them with empathy to get the right results.

T – Trusted

For Change Agents to be effective, they have to build reputation of trust with their peers and others in the organisation. They always do what they say they’ll do.

D – Decisive

Change Agents can’t be procrastinators. Decisions often need to be made quickly especially around people issues and business impact challenges. Great Change Agents act with urgency and aren’t afraid to deliver difficult messages to senior management or management teams.

I – Influencer

Stakeholder awareness and management is crucial to the success of any major organisational change programme. An effective Change Agent is a key influencer in an organisation. The have the ability AND relationships, to overcome issues and barriers quickly. They very often anticipate the challenges ahead and engage with key stakeholders in advance to smooth the road ahead.

E – Egoless

Top Change Agents are not in it for themselves. They are 100% behind the change itself and the success of the organisation.

So whilst a ‘007’ Change Agent isn’t quite as glamorous an individual as James Bond, they’re still pretty special.

Hope you enjoyed the post. As always, would love to hear any feedback you may have.

A to Z of Building a Winning Team

A to Z, Winning Team, Business Strategy, Business Continuity, Information Security, Marketing, Social Media, Business Transformation

Being part of a winning team is a great feeling! Building a winning team is hard work, but can be great fun with some amazing results! Below I’ve detailed Think Oak’s A-Z of Building a Winning Team:

A – Audit Abilities

The very first thing to do when you take on a team or you’re building a new one is to look at the skills you need to win, starting with yourself. What are you good at and where are you lacking? What does your management team need to look like? What types of roles do you need in your team? What skills are needed? It’s really important that you think about these things up-front, before you look at the people you have, are available to you or the gaps you need to fill. Once you’ve answered these questions at the right level of detail, you’ll be in the right position to look at your options.

B – Breakdown Personality Barriers

At any point in a team’s lifecycle there can be conflict. A difference in management or leadership style, a difference of opinion, personal enmity for one reason or another or simply a clash of personality. It’s really important that these are dealt with quickly and you find ways to resolve them without disrupting the team’s momentum. In my career, I’ve found it really useful to take people out of the work environment for a day or two to do some straight talking from the heart about your aspirations, motivations, concerns and ambition as well as taking time to relax and have some fun together.

C – Choose to Win

We all have choices in our lives, but it’s critical for the whole team to be behind your vision from the outset. Everyone needs to make a choice to be part of a winning team and all that it entails to get there. People that don’t want to get on the bus or want to stay along for the ride shouldn’t be given a ticket!

D – Don’t Sweat the Small Stuff

It is extremely easy to spend inordinate amounts of time on things that don’t contribute to becoming a Winning Team or your end goal. Keep an eye out for them within the team and on yourself. If you find them, stop them immediately. If people are working on things that aren’t central to the plan, you need and they need to be asking ‘Why?’

E – Energy Management

Ensuring that there is high energy in your team at all times is not an easy task, but an important one for building a winning team. Effective energy leadership is the ability to read the energy of the group and then alter one’s own energy level to get the group to where it needs to go. You can see this at play in sports, or equally so in the classroom or in board meetings. If people are starting to get discouraged or disheartened, you need to step up, raise the energy level and bring more enthusiasm into the room. Quickly, the team starts to feel more optimistic, the energy of the group shifts up and success, and whilst not guaranteed, is much more likely.

F – Focus on Focus

By aligning everyone’s personal objectives to yours and that of the wider organisation you can ensure that people are focussed on the right tasks. Review performance against these objectives on a regular basis and ensure the objectives are SMART.

S – specific, significant, stretching

M – measurable, meaningful, motivational

A – attainable, achievable, acceptable, action-oriented

R – realistic, relevant, reasonable, rewarding, results-oriented

T – time-based, timely, tangible, trackable

Make individuals accountable for key deliverables and reward them for delivery.

G – Get Out of the Engine Room

Your people will not develop, unite or learn from their mistakes if you deal with every problem that comes up or, if you tell them what to do in minutiae of detail. As a leader you shouldn’t be in the engine room, except for the odd inspection. You need to be on the bridge watching for icebergs and pirates!

H – Help Each Other

The best performing teams in business watch each other’s backs. If they see someone struggling with a task, they’ll help. If one department is really struggling for resource they’ll offer another pair of hands. Passionately investing in other people’s success will ultimately raise their performance and that of their teams and ultimately the organisation. As a leader, a good proportion of your time should be spent coaching, supporting, developing and promoting the rising stars within your team. It strengthens your team, protects it for the future and motivates individuals.

I – Ignite Passion

Find out what motivates your people. We are all motivated by different things and a good manager and leader gets to know what motivates their people and tailors their communication style, delivery and behaviour to get the best out of everyone. Praise and recognition for success and cheering the progress goes a long way too!

J – Just Do It!

You can have the best business strategy and business plans, but they are little use if they are not executed effectively. Decisions deferred, reversed or not made at all will not drive your team forward.

K – Knowledge Share

Winning teams share information, and I’m not just talking Key Performance Indicators. They share best practice when they come across it, they share customer and competitor news, they share any lessons they’ve learnt from a project or product launch. By pooling collective knowledge within and across departments, the organisation can reap dramatic results.

L – Learn From Your Collective Mistakes

Things go wrong. Learn from them, fix them where you can, and move on. We can often spend ridiculous amounts of time brow-beating ourselves and others on things that went wrong. Spend that time working on ensuring that those mistakes don’t happen again by changing process, putting controls in place or ensuring that we watch out for those banana skins we slipped on last time. Should the same mistakes keep happening, you need to look more deeply into the problem and find a way quickly to resolve it – Change the process or system, develop the people or change the people.

M – Measure, Monitor and Manage

The key to long-term success for any winning team is measuring the right things, setting appropriate targets, monitoring your performance against them and altering course or taking action when required.

N – Never Give Up

Many of life’s failures are people who did not realise how close they were to success when they gave up – Thomas Edison

In a previous post ‘6 of the best…failures’ I talked about some famous names from all walks of life who persevered with their objectives to reach their goals. Building this ethos into your team’s behaviours will go a long way to driving success.

O – Organise Yourselves around Your Objectives

Many established businesses organise themselves in traditional hierarchies and functions – sales, marketing, finance etc. Sometimes, especially when changing course with your strategy, it is worth challenging team structures to ensure that they are still optimal to meet the strategy. Some businesses build multi-functional teams that are focussed on one particular project or programme at any time, allowing complete focus on delivery and then breaking the team up again on completion. This approach can have significant benefits over traditional team structures by focussing the right people on the right project with the right skills and motivation.

P – Performance Manage All of the Time

Don’t wait for a quarterly or half-yearly review to give feedback – good or bad. Many people need to know how they are doing every day – ask them what will help them most. Most people need feedback at least once a week. A few can get by with feedback once a month, but even for seriously capable high-level strategic people this is not enough.

Q – Quickly Adapt

The rate of change in business today is fast and only increasing in speed. As change happens, teams and businesses must adapt to the new demands of their customers if they want to stay relevant in the marketplace, which means teams, and therefore individuals, must adapt as well.

To help your team adapt:

  • Understand capabilities and ambitions of your people
  • Match ability to projects you assign
  • Keep hierarchy out of decision making
  • Be prepared to move people around as the world changes

R – Robust Dialogue

Being able to challenge team members positively is a key part of building a winning team. In winning teams, people trust each other to challenge ideas, ways of working and strategic plans. By being challenging of each other, for the good of the team and your customer experience, the team gets better. Challenging each other to gain personal advantage or to score points over one another are the signs of a losing team!

S – Set Out Your Expectations Clearly

A huge proportion of performance problems can be traced back simply to a failure to explain and agree expectations and/or a failure to understand and provide the help that the person needs. Don’t assume everything is understood and perfectly within people’s capabilities. Instead, take time to explain, check and ask until everyone concerned is happy and sure of what needs doing, how, and most importantly why.

T – Treat Everyone with Respect

I love this quote from Winston Churchill – “I am fond of pigs. Dogs look up to us. Cats look down on us. Pigs treat us as equals.”

Whatever your level in the organisation, treat people as equals and with respect.

U – Understand Your Business

This may seem obvious, but I am frequently disappointed by people’s lack of knowledge of their business. Whether you’re on the front line in Marketing, Sales and Service or supporting these functions in IT, Finance or HR, you need to at least understand your company’s vision and strategic objectives. In winning teams, everyone knows these things as a minimum plus they know how their team is performing against Key Performance Indicators as well as what they’re doing to improve against them.

V – Values & Vision

In my view, these are the fundamental building blocks of a winning team. A shared vision together with values that are lived every day ensure that your team is heading in the same direction.

W – Win / Win

This is a personal philosophy, which I’m sure that many in senior positions will disagree on. I believe in openness, especially when it comes to recognition and reward. If the team does well, then the managers and leaders should be rewarded. Obviously levels of reward will differ according to responsibility and personal performance, but if the leaders are remunerated differently on different targets you will not get synergy in the organisation, and certainly not on a sustainable basis.

X – X Marks the Spot

X = the end result on your map – treasure! Whatever your winning team does, there will be an end goal – a successful product launch, a sales target, an improvement in Customer Satisfaction, improved production and so on. Your treasure map is your plan and your team’s focus is reaching the ‘X’ as soon as possible, and before anyone else! Your team need to have a copy of the ‘map’, understand how to read it in case they get lost, and know the importance of beating the competition. They should understand the potential pitfalls along the way, but you need to give them enough tools to make their journey possible and ideally enjoyable!

Y – Yell Success from the Rooftops

Celebrating and publicising success breeds more success, both within your team and organisation as well as externally. People like to associate with winners. You only need to see the number of Olympic medallists on TV at the moment to see that. Success, especially in today’s gloomy climate, is newsworthy, and will put your team and your business in the spotlight, for all the right reasons….and will hopefully bring you more business, and more success.

Z – Zigzag around Barriers

There is rarely a single solution to a problem in business. Winning teams find ways around problems that would leave other teams scratching their heads or giving up. Find out who your ‘Can Do’ people are and keep them close!

Hope you enjoyed this A-Z. As always I’d love to hear your thoughts…

A to Z of Risk Management

A to Z, Business Strategy, Business Continuity, Information Security, Marketing, Social Media, Business Transformation

All organisations, whatever their size or market, face a range of risks affecting the achievement of their objectives. While “risk” is commonly regarded as negative, risk management is as much about exploiting potential opportunities as preventing potential problems.

Risk management comprises a framework and process that enable organisations to manage uncertainty in an effective, efficient and systematic way from strategic, programme, project and operational perspectives, as well as supporting continual improvement. Risk management applies at all levels of an organisation and to all activities.

In this A to Z, I’d like to cover some of the key areas of Risk Management and Treatment and give you a better understanding of this broad topic that underpins multiple quality and ISO standards.

A – Appetite for Risk

Considering and setting a risk appetite enables an organisation to improve outcomes by optimising risk taking and accepting calculated risks within an appropriate level of authority.

The organisation’s risk appetite should be established and approved by Senior Management and effectively communicated throughout the organisation.

The organisation should prepare a risk appetite statement, which may:

  • Provide direction and boundaries on the risk that can be accepted at various levels of the organisation, how the risk and any associated reward is to be balanced, and the likely response
  • Consider the context and the organisation’s understanding of value, cost-effectiveness of management, rigour of controls and assurance processes
  • Recognise that the organisation might be prepared to accept a higher than usual proportion of risk in one area if the overall balance of risk is acceptable
  • Define the control, permissions and sanctions environment, including the delegation of authority in relation to approving the organisation’s risk acceptance, highlighting of escalation points, and identifying the escalation process for risk outside the acceptance criteria, capability or capacity
  • Be reflected in the organisation’s risk management policy and reported upon as part of the organisation’s internal risk reporting system
  • Include qualitative statements outlining specific risks the organisation is or is not prepared to accept
  • Include quantitative statements, described as limits, thresholds or key risk indicators, which set out how certain risks and their rewards are to be judged and/or how the aggregate consequences of risks are to be assessed and monitored.

B – Benefits of implementing Risk Management

Organisations often find that Risk Management provides a combination of both qualitative and quantitative benefits. Below I’ve highlighted five key benefits:


  1. Creation of a more risk focused culture for the organisation

Organisations that have implemented Risk Management note that increasing the focus on risk at the senior levels results in more discussion of risk at all levels. The resulting cultural shift allows risk to be considered more openly and breaks down silos with respect to how risk is managed.

As risk discussions develop into a standard part of the overall strategic business processes, functional units often find that addressing risk in a more formal way helps manage their part of the organisation as well. Communication and discussion of risk is recognised as not only a process to provide information to senior management, but a way to share risk information within and across operations of the company, and allow better insights and decision-making concerning risk at all levels.

  1. Standardised risk reporting

A formal Risk Management System supports better structure, reporting, and analysis of risks. Standardised reports that track enterprise risks can improve the focus of Senior Management by providing timely data that enables better risk mitigation decisions. The variety of data (status of key risk indicators, mitigation strategies, new and emerging risks, etc.) helps leadership understand the most important risk areas. These reports can also help leaders develop a better understanding of risk appetite, risk thresholds, and risk tolerances.

  1. Improved focus and perspective on risk

A Risk Management System develops leading indicators to help detect a potential risk event and provide an early warning. Key metrics and measurements of risk further improve the value of reporting and analysis and provide the ability to track potential changes in risk vulnerabilities or likelihood, potentially alerting organisations to changes in their risk profile.

  1. Efficient use of resources

In organisations without Risk Management, many individuals may be involved with managing and reporting risk across functional units. While developing a Risk Management System does not replace the need for day-to-day risk management, it can improve the framework and tools used to perform the critical risk management functions in a consistent manner. Eliminating redundant processes improves efficiency by allocating the right amount of resources to mitigating the risk.

  1. Effective coordination of regulatory and compliance matters

Financial statement auditors, Insurers and regulatory examiners, have begun to inquire about, test, and use monitoring and reporting data from Risk Management systems. Since Risk Management data involves identifying and monitoring controls and mitigation efforts across the organisation, this information can help reduce the effort and cost of such audits and reviews.

Through all of the benefits noted above, Risk Management can enable better cost management and risk visibility related to operational activities. It also enables better management of market, competitive, and economic conditions, and increases leverage and consolidation of disparate risk management functions.

C – Context

Before starting the design and implementation of a risk management framework, it is important to evaluate and understand both the external and internal context of the organisation, since these can significantly influence the framework design.

Evaluating the organisation’s external context may include:

a)      The social and cultural, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local

b)      Key drivers and trends having impact on the objectives of the organisation

c)       Relationships with, and perceptions and values of, external stakeholders

Evaluating the organisation’s internal context may include:

a)      Governance, organisational structure, roles and accountabilities

b)      Policies, objectives, and the strategies that are in place to achieve them

c)       Capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies)

d)      Information systems, information flows and decision-making processes (both formal and informal)

e)      Relationships with, and perceptions and values of, internal stakeholders;

f)       Organisational culture

g)      Standards, guidelines and models adopted by the organisation

h)      Contractual relationships with suppliers

D – Documentation

Documenting an organisation’s risk management framework and recording each step of the risk management process is critical for a number of reasons, including:

  • Demonstrating to stakeholders that the process has been conducted properly
  • Providing evidence of a systematic approach to risk identification and analysis
  • Enabling decisions or processes to be reviewed
  • Providing a record of risks and to develop the organisation’s knowledge database
  • Providing decision makers with a risk management plan for approval and subsequent implementation
  • Providing an accountability mechanism and tool
  • Facilitating ongoing monitoring, review and continuous improvement
  • Providing an audit trail
  • Sharing and communicating information

The following areas of your organisation’s risk management framework need to be documented:

  • Objectives and rationale for managing risk
  • Accountabilities and responsibilities for managing and overseeing risks
  • Processes and methods to be used for managing risks – i.e. how the Risk Management process will be applied in the organisation
  • Commitment to the periodic review and verification of the risk management framework and its continual improvement
  • The way in which risk management performance will be measured and reported
  • Resources available to assist those accountable or responsible for managing risks
  • Organisation’s risk appetite translated into risk rating criteria
  • Links between risk management and the organisation’s objectives
  • Links between risk management and other processes and activities
  • Scope and application of risk management within the organisation
  • Requirements for recording and documentation of the risk management process (e.g. communication plan, stakeholder analysis, risk register, risk profile, and risk reporting)

E – Evaluating Risks

Risk evaluation involves comparing a risk’s overall exposure against the organisation’s risk appetite. This allows the determination of whether further controls are required to bring the risk within a level acceptable to the organisation. The output of the risk evaluation phase is a prioritised list of risks.

The following key steps are involved in evaluating risks:

1. Rank the risks based on the outcome of the risk analysis process

Risks can be ranked either qualitatively or quantitatively. Applying qualitative analysis, you can rank the risks using a heat map. The heat map is a colour-coded matrix with each colour indicating the level of risk. This heat map represents the tolerance level of your organisation. This would have been developed in the earlier phase of “Establish Context”, as it is a part of the organisation’s risk management context.

Based on the control effectiveness rating, likelihood of the risk occurring and potential consequences identified in the earlier phase, plot the risks against the matrix. The completed matrix is your risk profile.

Applying semi-quantitative analysis, the organisation can also rank the risks based on their numerical value. The numerical value is a combination of the values assigned by the organisation to control effectiveness, likelihood and consequence.

The most common approach to visually recording risk is using a 3 by 3 or 5 by 5 heat map as illustrated below. A risk heat map is sometimes referred to as a risk matrix.

Risk Assessment, Risk, Likelihood, Business Continuity, Risk Management

2. Consider the overall risk profile

Once the initial risk profile has been developed, the organisation may need to consider how each risk ranks in relation to the other risks. This step allows the organisation to conduct a “sanity check” of the risks that have been placed on the heat map to ensure that risks are rated correctly when compared to each other (e.g. “Risk manager may be off sick with flu” is not rated the same as “Project objectives may not be met”).

Possible outcomes of this step include:

  • The organisation may reassess the rating of some of the risks if it is felt that the overall spread of the risks relative to each other is not a true reflection of reality
  • The organisation may recognise that some risks are similar to the other risks, or are contributing factors to other risks. Hence they may be incorporated into the risk description of other risks within the risk register
  • The organisation may consider the interdependencies between the risks and consider the consequence on the organisation if more than one risk occurred at the same time. This may result in changes to the overall risk ratings.
3. Develop a list of priority risks

The primary objective of evaluation is to prioritise risks. This helps to inform the allocation of resources to manage risks, both non-financial and financial.

The priority list can be categorised by a number of criteria dependent on what is most relevant for the organisation e.g. risk rating, functional area or by type of impact (i.e. strategic or operational). This will further refine the focus for risk treatment.

F – Frequency of risk reporting

At a minimum, an organisation should update and report on its risk profile on an annual basis. While an annual reporting and update cycle may meet statutory requirements, effective risk management typically requires more frequent reporting on risk.

The frequency of risk reporting should reflect the cycle of the organisation’s regular internal reporting. Where the Executive receives monthly or quarterly progress reports on Financial, Operational, Health and Safety or IT matters, they may wish to receive similar risk reports.

G – Governance

Risk management is an important element of how Senior Management discharges its responsibilities to stakeholders in the governance of the organisation; the organisation’s risk management framework should have the following features:

  • Risk management as part of the organisation’s overall approach or framework for governance
  • Risk being recognised as a Senior Management matter, with the Board ultimately accountable for risk management
  • Risk management objectives designed to support and achieve the organisation’s risk appetite and the approach to recognising risk in decisions, providing achievable goals for risk management
  • Ownership and accountability for managing and reporting on risk throughout the organisation
  • Roles, accountabilities and responsibilities for managing risk, which are communicated and understood, and a clear distinction between those who have:

a)      Direct responsibility for the management of risk, e.g. management and staff working within each functional unit

b)      Responsibility for development, implementation, maintenance and oversight of the effectiveness of the risk management framework, e.g. a risk committee

c)       responsibility for providing independent assurance, e.g. internal audit

d)      Ultimate responsibility for obtaining assurance and thereafter driving improvement

  • A defined, effectively communicated and understood policy, which sets out the requirements for managing risk;
  • Defined processes and procedures for managing the organisation’s risks and for managing the development of risk management across the organisation
  • A method of assessing, leading and monitoring the organisation’s risk management culture
  • Defined parameters around the level of risk that is acceptable to the organisation, and thresholds which trigger escalation, review and approval by an authorised person/body
  • A defined approach to recognising risk in decisions
  • An appropriate flow of risk information around the organisation
  • A commonly defined and agreed terminology for describing key risk management concepts and practices

The risk management framework should include objectives for risk management, plans for developing risk management across the organisation, and designs for elements such as processes and tools. These should be contained in a risk management strategy and a risk management policy.

H – High-Level Risk Management Framework

Risk Management Framework, Establish Context, Identify Risks, Analyse / Quantify Risks, Assess & Prioritise Risks, Treat / Exploit Risks, Monitor & Review


I – Individual’s role within Risk Management

The organisation should embed risk management by incorporating it into each individual’s responsibilities. People should understand:

  • The risks that relate to their roles and their activities
  • How the management of risk relates to the success of the organisation
  • How the management of risk helps them to achieve their own goals and objectives
  • Their accountability for particular risks and how they can manage them
  • How they can contribute to continuous improvement of risk management
  • That risk management is a key part of the organisation’s culture
  • The need to report in a systematic and timely way to senior management any perceived new or emerging risks, near misses or failures of existing control measures within the parameters agreed

J – Joined-up Risk Management

No organisation or function within an organisation works in true isolation when it comes to risk management.

Internal Risk Management

Many organisations handle risk management within functions and submit risks and risk matrices to senior management based upon their evaluation of their functional area risks. The same risks may exist elsewhere in an organisation but their impact and subsequent treatment recommendations may differ. It is therefore hugely important for senior management to collectively review risk matrices to ensure that risk levels and their treatment are agreed upon from an organisational perspective.

External Risk Management

Some risks and their associated treatments may require joint effort between organisations and third parties. This could involve negotiation with third-party suppliers, local / national government as well as emergency service organisations. Being prepared and being connected to the right stakeholders could mean the difference between your organisation becoming operational very quickly following a major incident and going out of business.

K – Keeping your Risk Register up-to-date

The purpose of a risk register is to record details of all risks that have been identified, together with their analysis and plans for how those risks are to be treated. The risk register is an important component of the overall risk management framework. It will include ALL risks – not just operational risks, and can be focused either on the organisation as a whole, or on specific projects where it is used to maintain the register of project risks over the lifetime of the project.

An important parameter recorded in the risk register is the ‘owner’ of each risk – the person who owns responsibility for actions relating to that risk.

It is important to record when the risk item was identified and added to the register, when the entry was last updated, and for some items, when they were closed. However, closed items should be maintained for historical analysis purposes, perhaps being transferred to a separate ‘closed risks’ register table.

Access to the risk register must be controlled to maintain its integrity and confidentiality. Some items recorded in the register may be very sensitive and thus not for wide publication. These confidential items can be ‘flagged’ by adding an extra field to the table record structure. The integrity of all item entries is also important, so you need a security policy for the register that defines who should be able to update the table and who can read it.

L – Likelihood and Impact of Risks

Events identified as potentially impeding the achievement of objectives are deemed to be risks and should be evaluated based on the likelihood of occurrence and the significance of their impact on the objectives. It is important to first evaluate such risks on an inherent basis—that is, without consideration of existing risk responses and control activities.

For example, an organisation with headquarters on the banks of a river may seek to assess its exposure to the risk of flooding. On an inherent basis, it would consider the likelihood and impact of a flood by considering external data (such as the historical and projected frequency of floods) and internal data (such as the estimated damage to its physical assets if a flood were to occur). An impact and probability rating should then be assigned using defined risk rating scales. These individual risk ratings should then be brought together in the form of an inherent risk map as I outlined in ‘E’.

Additionally, as risk assessments are refreshed over time, a risk map can allow analysis over time (e.g., upward or downward trend of risks, and the extent of positive or negative correlations between certain risks).

M – Monitoring and Review

Both monitoring and review should be a planned part of the risk management process and involve regular checking or surveillance. It can be periodic or ad hoc.

The organisation’s monitoring and review processes should encompass all aspects of the risk management process for the purposes of:

  • Ensuring that controls are effective and efficient in both design and operation
  • Obtaining further information to improve risk assessment
  • Analysing and learning lessons from events (including near-misses), changes, trends, successes and failures
  • Detecting changes in the external and internal context, including changes to risk criteria and the risk itself which can require revision of risk treatments and priorities; and
  • Identifying emerging risks

Progress in implementing risk treatment plans provides a performance measure. The results can be incorporated into the organisation’s overall performance management, measurement and external and internal reporting activities.

The results of monitoring and review should be recorded and externally and internally reported as appropriate, and should also be used as an input to the review of the risk management framework.

N – No Risk, No Reward

“No risk, no reward; no guts, no glory.” In business, this mantra poses challenges, especially when dealing with compliance, security and risk management—organisations often need to take risks to get ahead of competition and take care to avoid overstepping their bounds. Organisations must address the point when something is no longer a risk, but an inevitable failure.

When a large organisation takes a risk, it has to consider a wide range of people: its employees, customers, investors and other stakeholders. Do regulatory requirements drive all choices and should the company always play it safe? No risk, no reward, remember?

Companies in the 21st century that play it safe are going to fall to the competition. “The bigger the risk, the bigger the reward” is becoming a culture rather than just a motivational poster. The businesses that push too hard, too fast will have less success, but the companies that remain calculated, deliberate, and informed when taking risks, are not really taking risks at all—they are making smart business decisions.

What is vital to organisational survival, and their ability to thrive in a competitive industry culture, are the right tools and resources needed to make calculating risks easier and faster.

O – Owners of Risks and Responses

Where the risk management process identifies any risks that need to be actively managed, each risk and each response should be assigned an owner who is responsible and accountable for:

  • In the case of a risk, owning the organisation’s assessment of the risk, monitoring it, and reporting its status
  • In the case of a risk response, responding to the risk, contributing to the development and maintenance of an appropriate control environment, and reporting on the status of the response

Risks and their responses may be owned by the same person.

P – Policy

The organisation’s risk management policy may include:

  • Governance, outlining how risk management is governed
  • Policy scope, describing the purpose of the policy and who it is aimed at; describing the high level principles and the benefits of implementing risk management; setting out the objectives, including legal and regulatory requirements, and what it intends to achieve; and providing an explanation of the relationship with other policies
  • Policy applicability, setting out to whom and to what the policy applies
  • Risk management process, providing a high level overview and description of the risk management process adopted by the organisation
  • Risk appetite, outlining the organisation’s risk appetite, thresholds and escalation procedure
  • Reporting, describing the purpose, frequency and scope of reporting
  • Roles, accountabilities and responsibilities, describing the high level roles, accountabilities and responsibilities in respect of risk management
  • Variations and dispensations, stating whether variations or dispensations from the policy are allowed and, if they are allowed, describing the process for requests for this

Q – Qualitative and Quantitative Risk Analysis

Quantitative Risk Analysis

In short, Quantitative risk analysis is by far the most exhaustive, costly and time-consuming method of doing a risk assessment. However, its primary benefit is identification of your greatest risk based on financial impact. Assigning a value to loss associated with vulnerability is often the best way to obtain corporate buy-in and a true understanding of impact to the organisation.

Quantitative is the only option if your Senior Management requires numeric figures and findings that can be measured against budgets from year to year.

Quantitative Risk Analysis – Key Points:
  • Yields results in terms of financial impact
  • All findings are expressed in monetary values, percentages, and probabilities
  • Allows for more control and understanding regarding procurement and budgeting
  • Requires larger organisational cooperation
  • Better protection against litigation risk
  • Very time intensive

Qualitative Risk Analysis

Qualitative risk analysis is more common than quantitative due to the time and cost involved. In Qualitative analysis, the assets are discovered and reviewed for known vulnerabilities against a database of potential vulnerabilities. The risk is then measured against relative scales to determine the probability of a threat exploiting the vulnerability. Threat impact, probability of threats, and vulnerabilities used in the analysis are very subjective between analysts conducting the analysis. It is not uncommon in a qualitative risk analysis to have two experts with differing conclusions. If an organisation is strapped for time or can’t afford the resources to dedicate to understanding your risk in detail, qualitative is the best methodology

Qualitative Risk Analysis – Key Points:
  • Requires less time and is less costly
  • Findings are simple in nature
  • Focus is on specific vulnerabilities to the affected assets
  • Values of loss are perceived and not quantified
  • Vulnerabilities are rated subjectively
  • Focus is on understanding the risk and often include recommendations for mitigation based on analysts knowledge and expertise

R – Risk Management Process

The organisation’s risk management process should, as a minimum, comprise the following steps:

  • Context
  • Identification
  • Assessment
  • Response
  • Reporting
  • Review

S – Senior Management Responsibilities

The responsibilities of the senior management of the organisation in respect of risk management should include:

  • Ensuring that there is a fit-for-purpose and up-to-date risk management framework and process in place and that risk management is adequately resourced and funded
  • Providing strategic direction on the appropriate recognition of risk in decisions and setting risk appetite and associated authority
  • Approving the risk management policy and setting the “tone” and culture for managing risk and embedding risk management
  • Ensuring the key risks facing the organisation are properly assessed and managed;
  • Evaluating the risk implications of change
  • Planning for how the organisation will respond to risks that could arise, including the management of a crisis
  • Providing direction and receiving assurance on the effectiveness of risk management and compliance with the risk management policy
  • Reporting on risk management to stakeholders and signing off public disclosures

T – Treatment of Risks

Risk Treatment is the process of selecting and implementing measures to modify risk. Risk treatment measures can include avoiding, optimising, transferring or retaining risk.

Management or treatment options for risks expected to have positive outcome include:

  • Starting or continuing an activity likely to create or maintain a positive outcome
  • Modifying the likelihood of the risk, to increase possible beneficial outcomes
  • Trying to manipulate possible consequences, to increase the expected gains
  • Sharing the risk with other parties that may contribute by providing additional resources which could increase the likelihood of the opportunity or the expected gains
  • Retaining the residual risk

Management options for risks having negative outcomes look similar to those for risks with positive ones, although their interpretation and implications are completely different. Such options or alternatives might be:

  • To avoid the risk by deciding to stop, postpone, cancel, divert or continue with an activity that may be the cause for that risk
  • To modify the likelihood of the risk by trying to reduce or eliminate the likelihood of the negative outcomes
  • To try modifying the consequences in a way that will reduce losses
  • To share the risk with other parties facing the same risk (insurance arrangements and organisational structures such as partnerships and joint ventures can be used to spread responsibility and liability)
  • To retain the risk or its residual risks

U – Understanding the types of Risk Assessment

Risk assessment can be conducted at various levels of an organisation.

The objectives and events under consideration determine the scope of the risk assessment to be undertaken. Examples of frequently performed risk assessments include:

Strategic risk assessment

Evaluation of risks relating to the organisation’s mission and strategic objectives, typically performed by senior management teams in strategic planning meetings, with varying degrees of formality.

Operational risk assessment

Evaluation of the risk of loss (including risks to financial performance and condition) resulting from inadequate or failed internal processes, people, and systems, or from external events. In certain industries, regulators have imposed the requirement that companies regularly identify and quantify their exposure to such risks. While responsibility for managing the risk lies with the business, an independent function often acts in an advisory capacity to help assess these risks.

Compliance risk assessment

Evaluation of risk factors relative to the organisation’s compliance obligations, considering laws and regulations, policies and procedures, ethics and business conduct standards, and contracts, as well as strategic voluntary standards and best practices to which the organisation has committed. This type of assessment is typically performed by the compliance function with input from business areas.

Internal audit risk assessment

Evaluation of risks related to the value drivers of the organisation, covering strategic, financial, operational, and compliance objectives. The assessment considers the impact of risks to shareholder value as a basis to define the audit plan and monitor key risks. This top-down approach enables the coverage of internal audit activities to be driven by issues that directly impact shareholder and customer value, with clear and explicit linkage to strategic drivers for the organisation.

Financial statement risk assessment

Evaluation of risks related to a material misstatement of the organisation’s financial statements through input from various parties such as the controller, internal audit, and operations. This evaluation, typically performed by the finance function, considers the characteristics of the financial reporting elements (e.g., materiality and susceptibility of the underlying accounts, transactions, or related support to material misstatement) and the effectiveness of the key controls (e.g., likelihood that a control might fail to operate as intended, and the resultant impact).

Fraud risk assessment

Evaluation of potential instances of fraud that could impact the organisation’s ethics and compliance standards, business practice requirements, financial reporting integrity, and other objectives. This is typically performed as part of Sarbanes-Oxley compliance or during a broader organisation-wide risk assessment, and involves subject matter experts from key business functions where fraud could occur (e.g., procurement, accounting, and sales) as well as forensic specialists.

Market risk assessment

Evaluation of market movements that could affect the organisation’s performance or risk exposure, considering interest rate risk, currency risk, option risk, and commodity risk. This is typically performed by market risk specialists.

Credit risk assessment

Evaluation of the potential that a borrower or counterparty will fail to meet its obligations in accordance with agreed terms. This considers credit risk inherent to the entire portfolio as well as the risk in individual credits or transactions, and is typically performed by credit risk specialists.

Customer risk assessment

Evaluation of the risk profile of customers that could potentially impact the organisation’s reputation and financial position. This assessment weighs the customer’s intent, creditworthiness, affiliations, and other relevant factors. This is typically performed by account managers, using a common set of criteria and a central repository for the assessment data.

Supply chain risk assessment

Evaluation of the risks associated with identifying the inputs and logistics needed to support the creation of products and services, including selection and management of suppliers (e.g., up-front due diligence to qualify the supplier, and ongoing quality assurance reviews to assess any changes that could impact the achievement of the organisation’s business objectives).

The examples described above are illustrative only. Every organisation should consider what types of risk assessments are relevant to its objectives. The scope of risk assessment that management chooses to perform depends upon priorities and objectives. It may be narrow and specific to a particular risk, as in some of the examples above. It may be broad but high level: e.g., an enterprise-level risk assessment or a top-down view that considers the broad strategic, operational, reporting, and compliance objectives

V – Vulnerabilities & Threats Assessment


It’s common to define vulnerability as “weakness” or as an “inability to cope”. Both of these definitions are completely wrong (from a security and risk management perspective).

A better definition of vulnerability is “exposure”.

If you give a presentation at a conference it might open you to criticism or even ridicule. Plenty of people have a fear of public speaking for this very reason. However, the act of giving a speech isn’t a weakness it’s an exposure.

Connecting a system to the internet can represent a vulnerability. For example, it exposes a system to a DDoS attack. However, connecting a system to customers via the internet isn’t likely to be considered a weakness from a business perspective.


A threat is something bad that might happen. It’s as simple as that. A more complex definition wouldn’t be any more helpful.

From a security perspective the first threat that pops to mind is a security attack. However, a threat can range from innocent mistakes made by employees to natural disasters.


Risk is a chance that something unexpected will happen. It’s the combination of threats and vulnerabilities:

Risk = Threat x Vulnerability

W – Why bother with Risk Management

So much is happening in the world to pressurise. In difficult times most organisations adopt a ‘back-to-basics’ approach, scrutinising overheads and new projects to ensure that costs do not rise to unacceptable or unsustainable levels. Whether we are experiencing falling revenues now, or are fearful of what the future holds, focus on Risk Management can fade and not be a priority.

But there is a certain irony in this. Risk Management is intended to help management identify risks that could threaten the organisation and take action to mitigate or eliminate material risks. Risk Management provides management with confidence that unplanned disruption can be handled effectively and the organisation has the best chance to survive, whatever the circumstances.

In poorer economic times, businesses are more threatened by more risks and potential disruption than is the case during more prosperous periods. For one thing financial resources are likely to be more constrained, providing less flexibility in your response to realised threats and disruption.

For another, your organisation will be leaner, with fewer facilities, equipment and staff. You often have to downsize to cope with difficult economic circumstances. The organisation will be working in a lean manner and that lack of spare capacity can make recovery from unplanned disruption difficult to manage.

And then there is the competition who, in more difficult times, will be chomping on the bit to take your clients and your business away. If risks materialise and you are inadequately prepared, or your business faces unplanned disruption without the necessary plans in place, your competition will have the best opportunity to take bite sized chunks out of your business portfolio.

Client goodwill is something we all work hard for and is difficult enough to maintain in good times. In more challenging times your business has to be ready, willing and able to service clients when they require it, no matter what events transpire.

There is no need to advocate that all professional firms spend fortunes on Risk Management. Many of our financial institutions have done that for years and look where they have found themselves. But developing a sensible approach to managing risk, documenting key risks in a Risk Register (with appropriate mitigation noted) and preparing sensible and pragmatic Treatment and Business Continuity Plans should not cost the earth. It will however help you protect the value and goodwill you have created in your business and should not be ignored, despite the current circumstances.

X – X-Ray Spectacles – Horizon Scanning

When conducting risk assessments organisations are increasingly being forced to explore risks and disruptive threats further into the future. Typically, most companies cannot realistically look more than six months into the future with any degree of confidence for strategic planning. Unprecedented events and the complications of globalisation make even six months too vague for many.

Strategic anticipation or foresight is becoming an important capability to assist decision-making when confronted with increasing global risks and economic/geopolitical turbulence. A degree of uncertainty has always been a business reality, but today it is the extent of the uncertainty and the potential consequences that make organisations cautious and apprehensive about directions and decisions. Uncertainty cannot be managed as by its very nature it is incalculable, but organisations can reduce their vulnerability to it. New approaches are now required; understanding the mistakes of the past can be informative, but hindsight will not necessarily inform or help with foresight.

As a result, businesses must make an effort to develop scenarios, consider likely future events and apply futures methodologies. Tools such as horizon scanning help generate new insights based on social and environmental monitoring, or distributed sensing capability, which allow one to make sense of an emerging threat, issue or trend. As a logical extension of scenario planning, horizon scanning can be used alongside techniques such as crowd sourcing, trend analysis, phase transition and experiential learning, amongst others, to generate ideas about likely future risks, issues and opportunities.

It is vital that corporations, when faced with continuous anxiety and uncertainty become skilled at spotting trends; they also need to acquire the techniques of pattern recognition and horizon scanning to generate strategic options and guide decision-making.

Y – Your Organisation and Risk

Whatever the size of your organisation, Risk Management should be a consideration. Ask yourself the following questions about your organisation:

  1. What are the organisation’s top risks, how severe is their impact and how likely are they to occur?
  2. How often does the organisation refresh its assessment of the top risks?
  3. Who owns the top risks and is accountable for results, and to whom do they report?
  4. How effective is the organisation in managing its top risks?
  5. Are there any organisational “blind spots” warranting attention?
  6. Does the organisation understand the key assumptions underlying its strategy and align its competitive intelligence process to monitor external factors for changes that could alter those assumptions?
  7. Does the organisation articulate its risk appetite and define risk tolerances for use in managing the business?
  8. Does the organisation’s risk reporting provide management and the board information they need about the top risks and how they are managed?
  9. Is the organisation prepared to respond to extreme events?
  10. Does the board have the requisite resources to provide effective risk oversight?

If you’re struggling to answer these questions or are uncomfortable with how you’re feeling about your answers, don’t panic! You’re not alone. But you should be doing something about it before a risk becomes a reality!

Z – Zurich to Accenture

Risk Management is big business, from consulting to insurance. There are literally thousands of organisations that you can engage with from the global players such as Zurich and Accenture to the smaller more regional consultancies and insurers.

Insurance will not reduce your business’ risks but you can use it as a financial tool to protect against losses associated with some risks. This means that in the event of a loss you will have some financial compensation. This can be crucial for your business’ survival in the event of, say, a fire which destroys a factory.

Some costs are uninsurable, such as the damage to a company’s reputation. On the other hand, in some areas insurance is mandatory. Insurance companies increasingly want evidence that risk is being managed. Before they will provide cover, they want evidence of the effective operation of processes in place to minimise the likelihood of a claim.

If you need support in implementing a cost-effective Risk Management system for your organisation we’d be delighted to help you. Give us a call or click here to get in touch!