8 questions to prepare you for risk-managing change

As part of our study on how operational risk can facilitate and enable organisations to change and keep pace with a constantly-evolving operating environment, we worked with Chief Risk Officers to identify the key questions that operational teams should ask themselves to help them address change-risk management.

From their responses, we created a 'Checklist for Change' to help you see if you and your team are ready to support change at your organisation. While this isn't a comprehensive list of things you must do, it's a very useful list of topics that you can think about and is a great starting point.

Risk-managing change checklist

8 areas to consider

1. Change scope

Is it clear to your teams what change risk is and when to flag concerns?

Everyone needs a clear understanding of change-risk priorities, so they know what risks to look for and flag. The key delivered risks of concern may be, for example, reputation or information security.

2. Focus on risk

Are there gaps in your existing processes through which risk can fall?

If the scope of change risk is defined by aggregating the output of existing change processes, it’s useful to think about what might be falling through the gaps between processes.

3. Get in there early

Is risk proactive or reactive in risk-managing change?

Consider whether risk currently gets involved early enough, before the decision to change has been made, and whether it has a mandate to make a difference.

4. Use risk champions

Is the risk champion model worth considering?

This is a model for how risk partners with the business, providing a single point of contact that can triage risks and make decisions at speed.

5. Build on what you have

How can you best use what you've got?

There is likely no need to create a new risk silo. Existing tools and approaches are probably perfectly acceptable, but they might need tailoring to this new change-led environment.

6. Consider the delivery environment

Is the business ready to receive the change?

Using existing assessments, consider whether a change is going to be delivered into a high- or low-resilience environment.

7. Aggregate capacity

Are you able to aggregate risk to understand your capacity for change?

Understanding the organisation's capacity for change means aggregating the change-risk portfolio (how much change is too much?). It is more important to be effective than to be precise.

8. Learn from outcomes

Are outcomes in line with your risk assessments and, if not, why?

Examining what happened in previous change-risk situations focusing on delivered risks. Introducing a change-risk angle to incident reviews and post-mortem analyses.

Download the full report and checklist to find out more

To learn more about how you can support your organisation through a period of change, you can download the full report, Transforming safely – the emerging practice of risk-managing change report, and the accompanying checklist for free.