Why risk is all about people

In our next series of blogs we talk about the people element within risk management. Operational Risk Software can be key to supporting this discipline.   

Taken from: Mastering Risk Management 

When it comes down to it, most risks are ultimately the result of ‘people’ failings, whether at a strategic, managerial or operational level. Human factors are at the heart of nearly all major organisational crises. Even the most rational and automated systems are ultimately driven by human behaviour. ‘Our people are our greatest asset’, we read at the end of the chairman’s or CEO’s statement in the annual Report and Accounts. True. But just as risk is as much about opportunities as threats, so our people are also ‘our greatest potential liability’. 

Human behaviour is inherently complex, unpredictable and inconsistent, especially when people interact with each other. It could be that people risk is not a class of risk, but people should be viewed as a core ingredient of risk. Maybe all risks should be viewed through a ‘people lens’ and people should be viewed through a risk lens. 

Take simple errors. Even the best people make errors. There are inevitable slips and lapses, even if you know what you’re doing. Unexpected interruptions will lead to errors in otherwise routine activities. And, people often think they know what they’re doing. They may have a high opinion of their abilities, and may be relatively experienced, but they should take counsel if they find themselves in a totally new situation. Avoiding errors can be as simple as ensuring that instructions have few steps. If five or more steps are explained verbally, the middle ones tend to be forgotten. Even if they are written, isolated steps at the end are often forgotten or omitted. That’s why the military use only three steps – 1, 2, 3.

People are essentially honest. They do not come to work to defraud or to cause disruption. However, leaving aside risk factors such as individuals’ lack of competence, training and experience, there are many aspects of their personal or domestic environment which will affect their reliability from day to day. Times of personal stress, such as bereavement, relationship break-up or health problems, can lead to behaviour, even criminal behaviour, which would be out of character in normal times. Because people’s personal circumstances change from day to day, assessing exposure to people risk is difficult.

Then there are problems in the workplace which can be categorised as risky behaviour, such as sexual harassment, releasing proprietary information, or a CEO sending derogatory tweets. The skill is to manage effectively. People risk is just as often caused by poor management and organisation within the workplace, and by the culture of the firm: lack of clarity about what needs to be done; too little time to fulfil tasks; the complexity of tasks and work processes; lack of support from colleagues or technology; unreasonable managers. All of these add to stress and unreliability and increase risk. They are symptomatic of an organisation which does not rate people management as a priority. A toxic culture and negative employee experiences are quickly publicised in social media.

If we are to ensure that we retain the best people and that all perform to their best ability, we must create the right environment to achieve that. That way, we will considerably minimise our people risks. What is needed is the environment of an engaged organisation, one which has a compelling positive vision, positive role models, coaching, feedback and respect, and in which staff are listened to.


The workplace environment should be a place of well-being. The Chartered Institute of Personnel and Development (CIPD) suggested five domains of well-being and good examples of initiatives or activities fostering well-being in the workplace. These domains are: 

  • Health – Physical health and safety, Mental health
  • Work – Working environment, Good line management, Work demands, Autonomy, Change management, Pay and reward
  • Values/Principles – Leadership, Ethical standards, Diversity
  • Collective/Social – Employee voice, Positive relationships
  • Personal Growth – Career development, Emotional, Creativity

Others include life cycles, such as paternity/maternity leave, or thinking about a positive attitude to age. Well-being is a basis of business resilience and will reduce absence and attrition costs.

Diversity and inclusion

In people management, diversity and inclusion are not about knee-jerk reactions of filling holes and applying new policies to tick the box. The more sustainable solution is to be analytical and understand the diversity and inclusion issues in your firm. Look at the data and broaden your definition of diversity. It is not just about gender or ethnicity, but also geographic origins and skills.

On pay and reward, do you have a one-size-fits-all programme, or one which considers issues that affect specific employee demographics? If you do not pay and reward employees in the right way, you are possibly allowing a significant risk. In the same way, you should look at different groups and help them with mentoring and networking groups to support career planning. Use role models to show what can be done.

Finally, on selection, are job descriptions gender-neutral? Are recruitment teams gender-balanced? Are the CVs blind?

If we’re serious, diversity is not really about demographic diversity, but about cognitive diversity. That means that in decision-making we have different viewpoints around the table, not an echo chamber. It’s not easy, but Matthew Syed’s book, Rebel Ideas, shows that cognitive diversity considerably improves performance. 

Change and Flexibility

Change is fundamental to people management and people risk management. The external environment is changing daily, whether it’s the social, economic, technological or the political environment. The Covid-19 pandemic made huge changes to working practices, such as working from home or flexible working. They were already in train as firms realised the changing needs and desires of the workforce. 

Firms are always at some point of change in their evolution and development – whether they are growing or contracting. Growth may mean that the entrepreneur culture at the outset has to be tempered by a more structured, controlled environment. The original, close-knit team gives way to a larger organisation which, for some, may be uncomfortably bureaucratic. At a time of contraction, the effects of down-sizing, restructuring and redundancy will have to be managed, together with survivor guilt. 

All of these mean a changing risk environment and risk exposure which need to be constantly re-assessed, as well as their effects on the risk culture. From a people risk point of view, a changing risk profile and risk environment may require different skills to be developed or brought in. So far as individuals are concerned, they may lose position or power or their personal identity. They may lose their group membership, which supports them. It is management’s job to be aware of changed conditions and to be able to adapt quickly. In this way, risks can be anticipated and their impact limited before they arise. Organisations need to keep fit to remain healthy, just like the people within them.

A healthy risk culture will encourage continuous improvement and be open to change and flexibility. Employees should be encouraged to be creative and innovative and not allow work processes and practices to be rigid, inflexible and stale – in other words unfit for purpose, exposing the firm to more risk.  

In our next blog we discuss the HR department and its relationship to People Risk Management. 

 Mastering Risk Management by Tony Blunden and John Thirlwell is published by FT International. Order your copy here: https://www.pearson.com/en-gb/subject-catalog/p/mastering-risk-management/P200000003761/9781292331317    

For more information about how Operational Risk software can help your organisation, contact us today on sales@risklogix-solutions.com 
