No one wants to be the bearer of bad news, but an organization’s stakeholders deserve to be informed about uncertainty and problems facing the business. In some circumstances, stakeholders even have a legal right to know that information; which means someone at the organization needs to tell them.
A 2020 Harvard Business Review article, The Art of Communicating Risk, described risk communication as “one of the most important challenges faced by anyone who needs to convey or consume information.” The article also talked about the importance of “risk communication by design” — that is, the practice of assuring that risk communications happen early and often.
In one study, 92 percent of CEOs agreed that communicating risk information is critical to project or organizational success. And yet, only 23 percent of that group said they get comprehensive risk information.
That’s a disconnect. It matters a lot, and here’s why.
The Importance of Risk Communication
Humans are naturally wired to prefer certainty. Risk, however, is inevitable in every aspect of the human experience, while certainty is in short supply. Most people understand this and are therefore willing to accept risk — but they prefer to know about it as soon as possible.
In the modern digital economy, organizations have to deal with all kinds of risks and threats that could impair business continuity, lead to cyberattacks or data breaches, or affect their reputation, compliance posture, or financial health. To manage and mitigate these risks, an effective risk management program is critical.
But it’s not enough for risk managers simply to understand organizational or project risk. They must also communicate the matter to key stakeholders in a timely, easy-to-understand manner.
And yet, research shows that few companies actually do communicate risk to stakeholders. A well-known KPMG study found that even though a majority of responding organizations had improved their risk management processes in the previous few years, only 44 percent believed they were effective at communicating risk information to stakeholders.
Challenges in Communicating Risk Information
When organizations can’t communicate accurate information about risks, that hinders risk management. It weakens their ability to identify risks, perform risk evaluation, and respond to and mitigate threats. The key challenges that get in the way of risk communication initiatives are:
Communicating with a diverse range of stakeholders from different disciplines, functional areas, backgrounds, priorities, and perspectives can be a significant challenge to effective communication. It is difficult to craft a message that’s easy to understand for a diverse audience while assuring the message is also meaningful and informative.
Lack of a Defined Communication Plan or Process
The lack of a standardized and effective communication strategy makes it difficult for risk managers to communicate relevant information about risks promptly. They don’t know what they need to communicate, to whom, or how; and they don’t have the time to analyze what’s appropriate for every situation.
Use of Non-Standard Risk Terminology
The lack of a standardized “language” of risk can be another problem. Suppose the use of risk terminology varies widely across functional or business units. In that case, it’s unlikely that risk managers will be able to communicate risk information effectively to project stakeholders, never mind promoting a unified understanding of it across all stakeholder levels.
Asymmetrical or Unsynchronized Risk Data
Risk data that resides in different systems results in unnecessary siloes and prevents effective risk communication. Unsynchronized data displays a different risk picture to different people. This disconnect can create different perceptions of risk, hinder risk-related decision-making, and ultimately harms the enterprise’s risk management capability.
The Benefits of Risk Communication
According to the Project Management Institute, for every $1 billion spent on projects, at least $75 million is at risk. The reason? Ineffective communications. In fact, about 55 percent of project managers believe that effective risk communication to all stakeholders is the most critical success factor for projects. The benefits of risk communication are:
Improve Risk Response
Communicating information about risk puts all stakeholders, including customers, vendors, and employees, on the same page. It also allows the target audience to better prepare for the risk and mitigate its impact when the risk is understood. Timely and effective risk communication reduces confusion, improves problem-solving, and strengthens decision-making.
Create a Positive Stakeholder Opinion
Most stakeholders don’t expect a zero-risk environment. They do, however, expect to be informed on the risks that may affect the company, the project, their investment, and so forth. Stakeholders provide valuable resources, support, and influence that enable the enterprise to achieve its goals. They deserve to be involved.
By communicating risk information to stakeholders regularly and from the start, the organization can improve stakeholder engagement and avoid negative opinions or feedback.
Set Realistic Expectations
Communications and expectations go hand in hand. Unrealistic stakeholder expectations create operational and other challenges for the organization. If this happens on an ongoing basis, it could reduce stakeholder engagement and even damage the company’s reputation.
Transparent and honest risk communications, ideally backed by quantitative data, help manage expectations and garner greater confidence and trust in the organization.
When the right people are informed about potential risks, that promotes better accountability across the enterprise. Further, it becomes easier to assign roles and responsibilities, which strengthens the risk management and remediation program.
5 Tips to Effectively Communicate Risk Information to Stakeholders
For any business to perform and manage risk tasks effectively, risk-related information must be appropriately communicated to all internal and external stakeholders. Here are five ways to better communicate risk information.
To assure that every stakeholder gets the right amount and type of risk communication, it’s essential to first understand stakeholders by asking questions like:
- Who are they?
- What is their role in the enterprise risk landscape?
- What kind of information do they require?
- Which communication materials or messaging can best meet their need for risk information?
- Do they prefer verbal or written communication?
An understanding of how stakeholders like to communicate can help simplify risk communication and make it more effective.
Make it a Team Effort
Although a single point of contact for risk communications can assure message uniformity, relying on one person for this critical task can be dangerous as the organization grows. Different individuals have expertise in various risk areas, so they should all be involved in the risk communication process accordingly.
Talk About Risk Impact and Probability
Most stakeholders want to know how a risk can affect their work, project, business, or investment. For many, risk information without the “so what” factor is just noise, which they will likely ignore. That’s why it’s crucial to communicate risks from the standpoint of tangible impact. Talking about probability, particularly in quantifiable terms, is also beneficial.
Communicate Early and Often
The best time to communicate risk information is early and often. Advance and ongoing knowledge provides stakeholders the time to develop a plan of action to manage the risk. Creating a communication plan, templates, and processes can help simplify communications and ensure their timeliness and usefulness.
Create Alerts to Trigger Crisis Communications
Risk analysis tools provide insights into risk type, probability, and potential impact via visual reports and dashboards, so risk managers can quickly understand the organization’s risk status. Setting up alerts in these tools can help gauge when a particular risk’s probability has gone past an acceptable threshold and therefore needs to be communicated to stakeholders.
Manage Risks Successfully with ZenGRC
Identify and manage risks across your enterprise with ZenGRC. This integrated risk and compliance management platform offers a single source of truth for all your compliance, risk, audit, governance, and policy management needs.
With ZenGRC, you can store your risk communication process and assign workflows to ensure tasks are completed. A centralized risk register can help you track and assess risks. Customizable reports and dashboards provide insights for quick analysis of every project. These tools enable risk managers to communicate risks to stakeholders promptly and effectively.