What Does Successful Risk Management Look Like?
Michael H. Gladstone is the senior manager, emergency management and planning for The We Company, aka, We Work. It’s a real estate company that provides flexible office space and workplace solutions to individuals and companies. In Rethinking Your Approach to Enterprise Risk Management, a recent webinar presented by Security Management magazine and Dataminr (available free on-demand with registration), Gladstone gave his take on what successful risk management looks like. Here are his three takeaways:
1. “No one gets hurt during a crisis.”
He acknowledges in his next breath that this will not always be a realistic outcome—no matter how prepared and secure an organization is, there is always the potential for unstoppable injurious catastrophe. The point of stating it this way is that when planning for an emergency, the health, life, and safety of those in and around an organization is the top concern. Zero injuries should be the goal, and if circumstances dictate that zero is not possible, then the least amount of harm is what needs to happen.
2. “Health-life-safety is always first… but the second thing you have to think about is how are we planning and ensuring that our infrastructure is sound?”
Solutions to infrastructure issues will vary widely depending on the needs of any particular organization. Do you need building or plant redundancy? Do you need long-term evacuation or relocation plans? To begin to tackle an emergency planning approach to infrastructure issues, Gladstone shared We Work’s decision criteria, starting with the customer experience: “On the backend, things might be crazy… The risk teams might all be spun up, but if there’s very little impact to your customer base, in our case, our members, then we’ve succeeded.”
3. “If you have executed good, cross-functional risk management plans to ensure continuity of operations, you’ve successfully mitigated risk.”
Gladstone notes that a security or risk director cannot bring the possibility of calamity down to zero. They cannot control the weather and they cannot control the actions of other people. However, the area where they do have the most control is business continuity. Planning, and being able to operationalize that plan when it’s needed, is what enables an organization to continue (or quickly resume) operating when disaster occurs.
While there will always be risks, overcoming those challenges or deficiencies is important "in order to ensure that holistically all the right players are working together and that your brand, your continuity of operations, and your people are as safe as possible,” says Gladstone, “That is successful risk management.”