Expectations vs. Capabilities
A few of months ago, I gave a presentation at the Tennessee PRIMA conference on the topic of scope creep in risk management roles. The presentation was inspired by a TikTok I made on some of the interesting things people will call risk management for.
Risk management is about managing uncertainty, and uncertainty touches just about everything, so it’s important to define your scope as a risk management professional so that you set the expectation of what you can reasonably do with the time and resources you have. Otherwise, your leadership is going to make some pretty big assumptions about what you can accomplish and what you are responsible for. A couple of tips if you’re trying to define your scope:
Identify in house vs. vendor solutions
Handling your own investigations? Cool. Outsourcing all investigations? That’s cool too. Only outsourcing some investigations? No problem, just make sure you define the criteria for when you will be outsourcing. No matter which route you go with, make sure you are clear about where the line is drawn between internal and external solutions.
Separation of duties between HR and Risk Management
There are a LOT of overlaps between the world of HR and risk management, but it is because of these overlaps that we often see scenarios where a responsibility is kicked around between risk management and HR because neither wants to claim it. A real life example I once received: An employee wanted to foster a dog for the Guide Dogs of America program. This would involve bringing the dog to the office during the workday to ensure they are acclimated to work environments. HR sent this to me and asked if risk management would handle the inquiry since they considered it a risk management issue. I told them I could advise on coverage and safety protocols for this activity, but there is a larger question of whether we would allow other employees the opportunity to do this, and if so what criteria are we using. Will it impact performance? Productivity? Operations? These are risk management considerations, but risk management was always meant to be a team sport. You will need HR and operations to provide insight so that a decision can be made. You should not have to carry the responsibility by yourself.
Responsibility & Authority
There are some risk managers who have very little authority of their own. Decisions on settlement approvals, deductible levels, insurance placement and vendor selection may be held by someone else. However, it is the risk manager who remains fully responsible for the program outcomes. I am a strong believer in the position that your responsibility level needs to match your authority level. It isn’t fair to expect a risk manager to be fully responsible for program outcomes when they do not have the full authority for decisions that shape said outcomes.
Just remember: Risk management was never meant to be a single player sport. It’s a team sport, and you need to set the expectations of who is on your team (vendors, HR, etc) before a claim occurs.
