Consulting for Risk Management
Wherever opportunities are expected to open up, risks have to be figured in. The basis of effective company supervision relies on checks and balances between risk-friendly and risk-shy players.
An initial step in whistleblowing-related consultation will always consist of improving the risk management of the organisation. §91II AktG (the German statute on publicly held companies) stipulates that the board of directors set up a monitoring system, so that developments potentially jeopardising the existence of the company will be detected early. Since not every process can only be monitored from the top, it is necessary to utilise whatever information is available within the company. This means that such a system should ascertain that any pertinent information from staff be taken in, documented and reviewed appropriately. At the same time it must be clear to all involved that not every risk must be or can be avoided or eliminated. However, the system can only function effectively if all employees feel encouraged to inform themselves about the seriousness of the risks perceived and to report them in a constructive manner.
Everyone should be aware that risks need to be completely and correctly recorded, assessed and treated. The kind of treatment resulting from a risk analysis may also include assuming the risk. Employees familiar with the risk should nevertheless understand why any one given risk treatment seems appropriate in the eyes of the company. Otherwise, the impression may develop that management were either blind or excessively risk-tolerant and might not seek further reactions to this or other risks. The communication pertaining to risks and their proper management constitutes a complex communicative process which, in the heat of the moment, can go awry. Where this happens, an additional internal risk of its own kind emerges: the management may no longer get informed about changes in the risk landscape, and may then be surprised by previously unknown or significantly changed risks.
The risk communication concept we have developed: supporting the improvement of internal risk communication.
The basic elements are:
- Where a risk is perceived, it is communicated.
- This communication has consequences;
- consequences for the risk, not the messenger !
- Everyone is aware of this.
Open Communication - one that is consistently transparent!