Diversity in Risk Management
As Pride Month 2022 draws to a close, nPlan Principal Risk Engineer Richard Bendall-Jones discusses the importance of diversity, equity and inclusivity to effective risk management
TL;DR — risk management benefits most when undertaken by:
a) a variety of people of different cultural and professional backgrounds, and
b) a variety of ways of thinking and approaching problems.
These two dimensions are not mutually exclusive.
For a while, I’ve been trying to summon up the courage to talk about diversity in risk management. If I’m being honest, this has been because, as a white male, I didn’t feel it was my place to have an opinion on it. But, with some kind and helpful coaching (thanks, Anita Phagura), I’ve been allowed to see that I can at least help facilitate the conversation.
When I’m talking about diversity in risk management, I mean it in a couple of dimensions: firstly, from a Diversity, Equity and Inclusivity (DEI) perspective; and secondly, from the perspective of ‘diversity of thought’. These dimensions are not mutually exclusive; in fact, there is an awful lot of overlap. But I personally find it useful to differentiate between the two, and hopefully I’ll explain why in this article.
DEI (Diversity, Equity, Inclusivity)
During my time as a risk management practitioner, I have been fortunate to work with talented people from a variety of backgrounds. I’ve previously written stuff on how people can enter a career in risk management from a variety of different angles. While opinions differ on this topic, my view is that risk management benefits from a variety of skills (both technical and human) and experience. I genuinely believe that risk management is something that everyone can get involved with; as a career choice, as a part of their existing role, or as part of their everyday life (we are all intuitively risk managers, to various extents).
Sometimes, we have a fixed idea of what constitutes ‘good’ risk management, and therefore we seek to attract people that exhibit those traits, or at least have experience of working in these contexts. Perhaps this is one limitation of recognised, ‘popular’ risk management frameworks, (ISO31000, COSO ERM, take your pick) — we have defined in narrow terms what ‘good looks like’, and by extension exclude those without such experiences.
When we (consciously or subconsciously) exclude people with different backgrounds and experiences, then we all lose out. We lose our ability to approach problems from a number of different ways. We expose ourselves to the echo chambers of confirmation bias and ‘groupthink’ that, ironically, risk professionals love to teach others about.
Diversity of Thought
Want to be recognised as a competent risk manager? Take these exams. Get this certificate. Learn the prescribed stuff.
I’ve taken such exams and certificates, and they’ve helped me to become a well-rounded professional. They’ve enabled me to understand a wider context beyond my day-to-day job. But a problem with the ‘qualification heavy’ approach is that you train an entire cohort to think in a similar way. This is particularly problematic when a compliance element is introduced to the application of risk management frameworks; it stifles creativity and freedom of thought. In fact, it is by taking some of these concepts and playing around with them in a different way, in a new context, being creative with them, that makes work (sometimes) more fulfilling. And it’s difficult to approach this task without a diversity of experience in your team, in your organisation, in your life.
I’m currently reading ‘Rebel Ideas’ by Matthew Syed and it has helped me to think about these challenges in a new way — I’d recommend giving it a spin if you haven’t already. One point made in the book is about the strategic ‘blind spots’ that are created when cohorts from similar socioeconomic backgrounds are brought up and trained in similar socioeconomic conditions.
As a privileged white male, am I the best person to assess risk associated with social instability in the UK? I don’t think so. And therefore, if all my colleagues were of a similar background, would we be strategically exposed to such a blind spot? I would say so. And would being unaware of this potentially make the problem worse, by assessing an ill-founded confidence in the assessment of such risks? Most definitely.
Getting Mixed Up
You might have noticed that in the paragraphs above, I’ve mixed up some of the concepts. That’s because for me, they’re difficult to differentiate between, and, as I mentioned, they’re not mutually exclusive. And I’m not perfect — I’m learning. But what I learn from this, is that it’s important to recognise that we are all on our own journeys when it comes to diversity. And as long as we’re all keen to improve ourselves, and understand each other, then I think we’re headed in the right direction.
For example, just writing this, I’ve thought: “what about people who don’t like reading articles, who prefer watching videos or listening to podcasts?”. I’ve probably excluded them too. I make mistakes, and that’s okay, if I recognise them and seek to improve upon them.
So what can I do about it?
So what? The purpose of this article isn’t to get convince people to throw out their existing processes (risk management, resourcing or otherwise). These processes exist for many reasons and I’m sure they’re all well-meaning.
However, I ask you to challenge why they exist in their current forms. Is there something that could be changed to open up opportunities for people from different backgrounds, or with different ways of thinking? Is there a way of addressing that in your recruitment literature, interview techniques, or your approach to what ‘good’ risk management looks like?
Like I’ve mentioned above, I’m no expert or leading voice in these conversations. I just wanted to share some thoughts and facilitate a discussion. If I’ve got something wrong, or could get better at something, let me know! And if you’d like to share your thoughts, by all means do so. All I ask is that you do so in a way that is respectful to your peers — the world needs more love right now.
Richard is a Principal Risk Engineer at nPlan. He has worked in project and risk management roles for more than a decade, and is a Fellow of both the Association for Project Management (APM) and Institute of Risk Management (IRM).
Interested in working with Richard? See all our open roles at https://www.nplan.io/careers