Like good leaders, good risk managers have to be good storytellers.

When organizations’ leaders communicate with their workforce about the direction of their company and its objectives, they use a variety of approaches. The better leaders, those who are able to bring their ‘followers’ on board, are good at telling stories, not tall ones, but good ones. They use the art of ‘storytelling’ to connect with their audience, to make their communication easily understood and to build support for their picture of the organization’s future. What they definitely don’t do is give a dry, colourless, albeit, rational discourse.

Like good leaders, good risk managers have to be good storytellers.

People in any organization who know the risks or who have the ability to uncover the risks are those with first hand knowledge and experience. In other words, the people doing the work know the risks, whether that work is software development, security trading, project management or working a tool on an oil rig. These are the people that the risk manager must influence, either directly or indirectly.

So, in the same way an inspiring CEO uses language and their rhetorical skills to influence organization behaviour, risk managers must do the same if they want to be successful in their job. A capable risk manager must have the ability to awaken and galvanise people into action on risk management.

Every good story must have uncertainties

Watch any box office movie hit and you will see the ISO 31000 definition of risk played out over and over again; the effect of uncertainties on objectives. The ‘effect of uncertainties on objectives’ is what propels every story and determines the course of action.

  • Will the terrorists achieve their objective of blowing up the bridge or will the ‘uncertainties’, read ‘the actions of the good guys’ stymie their plans?
  • Will the flat tire mean that the heroine misses her rendezvous and her opportunity to meet her long lost lover?

In a movie, ‘uncertainties’ are a main driving force.

Similarly, in the ISO 31000 standard on risk management, uncertainties are the driving force. The following are a few examples of references in the ISO 31000 standard:

  • The definition of risk in ISO 31000 is the effect of uncertainties on objectives.
  • When implemented and maintained in accordance with this International Standard, the management of risk enables an organization to, for example, (...) improve the identification of opportunities and threats…
  • “Risk treatment can involve (…) taking or increasing risk in order to pursue an opportunity”
  • “It is important to identify the risks associated with not pursuing an opportunity”.

So, what type of story does a risk manager tell to provoke action on risk management?

Human beings have a tendency to think that things will go on, pretty much the same, forever. Call it complacency or false hope. Until fairly recently most people thought the good times were going to continue to roll, indefinitely. Then, in 2008, the GFC shook their foundations.

So a risk manager needs to tell stories that awaken in people the idea that their organization’s sustainability depends on how well it manages risk to achieve its objectives. The business world is full of high profile examples of negative events. There are also many examples of very positive organization outcomes.

The risk manager needs to use these examples and through analogies, metaphors and language, demonstrate that, just like in a movie, every leading role and every bit player in the organization, through their inactions or actions, is in a position to influence the outcome. Risk language needs to be tailored to each group in the organization. One size does not fit all.

The risk story

The Risk Story