Bill Raab is director of risk control for Glatfelter Public Practice. Raab can be reached at [email protected].
Regulatory compliance may not sound like the most exciting topic out there, but for water entities, it is a subject that has to be both understood and followed. It is critical to comply with codes and standards to keep your communities safe and avoid costly fines and penalties. There are people who believe that compliance with regulations is the result of effective risk management routines, but the opposite is true. Compliance is the foundation necessary for an organization to have a thorough and effective risk management program.
Within the water industry, regulation focuses on public safety and the environment, and most operations have rules and governance to meet codes and standards. Despite this, tragedies like the one in Flint, Mich., remind us that there is more to managing risk than just rules and compliance.
An effective risk management program begins with leadership and a healthy risk management culture. Some organizations overlook both when they develop their programs. According to Gary Storer in the Journal of Risk Management in Financial Institutions, “Flawed management decision making is often at the heart of regulatory failures and customer detriment.” Storer also found that leaders lack appropriate training in decision-making, risk management and leadership.
For instance, states require water operators to receive a certain number of continuing education credits to maintain their operator’s license. Most of their classes focus on compliance and operations. Some states minimize the impact of risk management training by only offering a fraction of credit for risk management classes, which sends a message to water and wastewater operators that risk management and safety somehow are not as important.
An effective risk culture promotes open debate and discussion about the risks that an organization faces and requires humility in leadership to meet that measure. Cultures of silence can emerge when employees are uncomfortable discussing their concerns with leadership. These situations can damage an organization or its stakeholders. Building an effective risk culture begins with creating a transparent organization environment where employees feel safe to speak up regarding their concerns.
Creating a risk committee that meets regularly is an effective method to keep open communication about risk management. According to Rick Funston and Steve Wagner in Surviving and Thriving in Uncertainty: Creating the Risk Intelligent Enterprise, “A well-structured risk committee can accelerate development of a common language and understanding of risk.” The makeup of an effective risk committee includes supervisory and front-line employees. Providing all employees with access to the agenda before the meeting and the minutes after the meeting allows everyone the opportunity to have a voice regarding the entity’s risk.
Allowing all employees to raise their concerns regarding organizational risks is another important aspect of a risk committee. The committee gains credibility in an organization when employees see changes occurring as the result of the committee’s actions, and more two-way communication is encouraged. A risk committee also can have a detrimental impact on risk culture if the committee does not transparently handle employee concerns.
Leaders also have an important role in the development of effective risk culture. Leaders who engage with their staff at all levels tend to have a better dialog with their employees. Leaders who lead from an ivory tower and stick to a strict chain of command do not always hear employee concerns because they do not make it through the levels of leadership. Hands-on leaders who listen to and value their employees’ concerns build an effective risk culture.
While regulatory compliance is necessary to keep the public and the environment safe, organizations that rely on compliance run the risk of failure because they ignore the art of risk management.
Oliver Wendall Holmes said, “For the simplicity on this side of complexity, I wouldn’t give a fig. But for the simplicity on the other side of complexity, for that, I would give my life.”
Relying on compliance with regulations simplifies risk management to a point where failure is much more probable than it is in organizations that recognize the art of risk management as well as the science.