by Greg Hutchins

Great Leaders Focus on the Why, Not the How of Risk Management


Guest Post by Patrick Ow (first posted on CERM® RISK INSIGHTS – reposted here with permission)

Effective leaders provide their employees with a heartfelt portrayal of the WHY, a deep-rooted purpose, before defining the WHAT, the product or service, and then finally, the freedom on the HOW, which is the process.

First, understand the WHY of your solution. This gives you the line of thinking needed to decide HOW you can provide this solution in a way that is better than your competitors and more efficient for your customer.

From the perspective of risk management, effective leaders, with the help of risk officers and the risk function, should also start with the WHY of doing risk management in the organisation.

Thereafter, determine WHAT risk framework is required to deliver the WHY. And finally, after knowing the WHY and WHAT as the motivating factors and drivers of risk management in your organisation, give your employees the freedom on HOW they take risks and seek opportunities.

When employees want to do risk management, rather than have to do risk management, there is risk culture maturity in the organisation as risk management is done unconsciously as part of management practices.

So, WHY do risk management in the first place?

The purpose of risk management is to enable the organisation to take the right level of risk and seek out opportunities so that it can increase the likelihood and/or extent of organisational success.

We do risk management because we want individuals and organisations to be successful. People can make better decisions, solve the right problems, and find the right solutions to serve and deliver better outcomes for our customers and stakeholders.

In essence, my job as a risk professional is to make my stakeholders look good!

Success can only be achieved by focusing on the outcome that we want to achieve, not on the process of being successful.

“What is my target?”

In golf, the outcome is to play a ball from the teeing ground into the hole on the putting green in the fewest possible number of strokes. If you are not asking yourself, “What is my target?” before every shot, you are not giving yourself the best chances to shoot the lowest scores.

Looking back at 2000 to 2005, when Tiger Woods was winning nearly every week, he focused on the target and got into the zone.

When trying to recount some of his victories and specific shots, Tiger says that he oftentimes has no memory of them whatsoever because he’s so focused on the outcome of that shot. He isn’t thinking about taking the club inside or clearing his hips on the way down.

It is all about focusing on the WHY of the game (i.e., hitting the ball into the hole), rather than the HOW (i.e., the swing and position of the body).

Dave Stockton, the author of Unconscious Putting, sums it up perfectly. He said, “When you drive a car you aren’t thinking about all of the mechanical things necessary to safely get your vehicle from point A to point B. You aren’t thinking about how hard to pump the brakes, or how many degrees to rotate the wheel to make a left turn.”

For Tiger, “I have these blackout moments. I know I was there but I don’t remember hitting the actual shot. It’s like my subconscious mind just takes over.”

Our aim is to get into the zone of doing risk management unconsciously where our subconscious mind just takes over.

Formal vs informal risk management

So, how do we get into the zone of doing risk management unconsciously?

The answer lies with informal risk management and knowing the WHY of the business and knowing the WHY of doing risk management.

While risk managers are fond of frameworks and tools that look good on paper, effective risk management requires the use of complementary formal and informal risk management mechanisms.

Formal risk management covers the use of risk registers, control assessments, internal audits, and risk reports. It provides a visible platform on which risk management can operate throughout the business. And it satisfies regulatory requirements as evidence of compliance.

This formal risk management approach must be contrasted with the informal risk management approach, which includes social networking and influencing techniques.

It is the informal mechanisms that are vital for making the formal mechanisms work in real life.

The design and format of a formal tool like a risk register are less important than the informal mechanisms that are used to populate the risk register through honest and open conversations about risks and opportunities.

Simple behaviours such as picking up the phone to somebody who might help you solve a problem work more effectively.

These one-to-one conversations are more effective than complex or over-engineered documentation or reporting tools that are often used to embed and mature risk management.

Not surprisingly, a risk officer who cannot build effective, trustworthy relationships and interactions, and create a web of informal conversations across an organisation, will not be able to embed effective risk management and increase risk maturity.

Avoid hiring a compliance type person for the job!

My ex-colleague reported that when her organisation onboarded a new Chief Risk Officer, the very first question she got from him was, “What must we do to comply with the risk management requirements?”

This formalised or compliance approach to risk management is just killing the essence of why we do risk management in the first place. And we wonder why risk management is not working in organisations!

This is because we usually hire the wrong person for the job.

It is easier to focus on the HOW of risk management

The International Organization for Standardization (ISO) website states that ISO standards “provide a strong basis for the development of national and international regulation”.

This applies to the international risk standard, ISO 31000, which is interestingly the first non-certifiable ‘standard’.

The unintended consequence of this ‘risk standard’ is that many governments, regulators, and even risk management associations have been quick to prescribe the HOW of risk management, focusing mainly on formal risk management.

The reality is that it is much easier to focus on formal risk management than on informal risk management. Formal risk management is tangible, and it is easier to document a risk register or show a heat map.

It is also easier to show compliance to auditors and regulators.

And unfortunately, we get so consumed in doing formal, over-engineered risk management that we miss doing informal risk management. The reality is that informal risk management will be the key to giving you the best bang for your money.

Too much formal risk management can hurt the organisation

Too much formal risk management can hurt the organisation, according to research on Risk Culture and Risk Management in the Australian Public Sector.

If formal risk management is seen primarily as a compliance exercise to satisfy internal and external requirements, then informal risk management will not occur naturally and effectively. And when informal risk management is weak, so will be the organisation’s risk management maturity and risk culture.

This insightful research has implications for how organisations approach risk management and for the balance they must find to create a positive risk culture (i.e., I want to do risk management) that does not focus solely on compliance (i.e., I have to do risk management).

This is the unintended consequence of formalisation and standardising risk management.

The WHY of business and risk management

While the formal frameworks and mechanisms will exist in organisations, these tended to work best if they were not specifically badged as risk management tools. Getting away from technical jargon is important when dealing with front-line employees.

This is where risk managers can instead talk to front-line staff about how to become more efficient or customer-focused, or simply about behaviours and attitudes, which is the focus of informal risk management.

McKinsey has said that “risk functions need to move beyond the formal views of the administration, control, and governance, as well as the formal processes for risk assessment.” There is a call for risk professionals “to come out of the ivory towers and into the marketplace.”

Informal risk management can only thrive when people know the WHY of the business and the WHY of doing risk management in the organisation. Giving these WHY visions is vital for sustainable organisational success.

When people know the WHYs, they are more internally self-motivated to get into the zone where their subconscious mind just takes over. No external push factor is required, especially not one that comes from the need to comply with standards and regulations.

Positive risk culture can only be driven when people want to do risk management, rather than when they have to do risk management.

People’s “want to” motivation comes primarily from knowing the WHYs of business and risk management, something that leaders and managers do badly!

Professional bio

As a Chartered Accountant with over 25 years of international risk management and corporate governance experience in the private, not-for-profit, and public sectors, Patrick helps individuals and organizations make better decisions to achieve better results as a corporate and personal trainer and coach at Practicalrisktraining.com.

He is also the co-founder of Skillsand.org, an organisation dedicated to helping people acquire in-demand job skills and preparing them for the future of work. The goal is to create a convenient learning experience that’s as easy as making any other purchase on Amazon.

Patrick has authored several eBooks including Strategic Risk Management Reimagined: How to Improve Performance and Strategy Execution.


About Greg Hutchins

Greg Hutchins PE CERM is the evangelist of Future of Quality: Risk®. He has been involved in quality since 1985 when he set up the first quality program in North America based on Mil Q 9858 for the natural gas industry. Mil Q became ISO 9001 in 1987.

He is the author of more than 30 books. ISO 31000: ERM is the best-selling and highest-rated ISO risk book on Amazon (4.8 stars). Value Added Auditing (4th edition) is the first ISO risk-based auditing book.
