This was the subject of a recent discussion I had with risk professionals, and they make a good point.
Nobody likes admitting mistakes, even less so publishing them and admitting them to their executive and board. It’s human nature. And yet, that’s exactly what we need to encourage to develop the learning culture that’s needed.
Many years ago, the NHS in the UK pioneered a “no-blame” approach, whereby they positively encouraged their people, from the most junior person in the room, to point out small errors and near misses. In some organisations, even where there’s great accountability and where near misses and risks are dealt with promptly, the organisation doesn’t learn from them unless they are shared.
In a podcast with Seedcamp, Stripe CFO David Singleton talks about how even minor code annoyances (they call them “paper cuts”) can get easily flagged to their developer productivity team for remediation, to continuously improve the experience and efficiency of their coders.
As CRO, you absolutely want to work with your executive team to foster this kind of culture. However, there’s a consequence to this that you need to help to manage – with all of this risk and near-miss reporting, your stats are going to go up. On the face of it, your risk profile has increased.
Your role is to front-run that expectation with your Board and explain why it’s OK. Risks haven’t increased, they have just become visible. This is healthy and normal. And bear in mind that, as people start to flag issues, the rest of your staff will be closely watching to see how management respond – are the issues managed sensibly and proportionately, and the learning welcomed, or is the messenger shot? If they see increased transparency being welcomed, they are more likely to come forward themselves. So, it’s less of a one-off “amnesty” and more of a gradual awakening.
So, the question you can ask yourself and your executive team today is – how can we signal that it’s OK, in fact welcomed, to flag little issues, near misses and risk events? The reward is a more resilient, more risk-aware organisation.