Frontline engagement is essential to strong risk management. We’ve previously explored the four key ways that ERM can help reverse the design flaws of the Three Lines of Defence Model (3LOD). With recent revisions to 3LOD by the Institute of Internal Auditors (IIA), risk assurance responsibilities for senior management are increasing.
This more flexible method for managing risk stresses engagement at the front lines and encourages “see something, say something” behaviour. The goal? Stronger insights and better alignment across all lines of defence.
Frontline engagement aligns your enterprise risk management program’s goals with your organizational goals. It ensures that your employees are aware of the appropriate actions and processes for identifying, assessing and reducing workplace risks, and when to escalate a risk to upper management.
What are the benefits of adopting a frontline engagement risk model? Under the new 3LOD model, “responsibility for managing risk remains a part of first line roles and within the scope of management,” the IIA says. So ensuring compliance with legal, regulatory, and ethical expectations is now recommended to be a first-line role that stresses collaboration, notes Compliance Week, a change from compliance’s second-line status in the IIA's previous model.
But do you know what frontline teams really do? How do they think about risk? I’ll uncover some of the ways you can identify the pain points of your frontline staff and will highlight:
- The secret to knowing where some of the best risk-mitigation opportunities are hidden
- How to achieve quick frontline wins
- Ways to build credibility through organisational alignment
- The importance of repeating what you think others know about ERM
Frontline fundamentals: What do frontline workers do?
It may seem a silly question, but do you know what your frontline does? If you answered “no” or “I’m not sure,” then it’s unlikely that you can know what the true pain points of the frontlines are.
As discussed previously, frontline staff are process owners who play a critical role in risk mitigation since they’re the “eyes and ears” of the enterprise. The frontlines provide key services that enable your business to function, but the challenge is in creating the right social norms to welcome honest feedback and encourage the contribution of ideas. Only then, can the best opportunities for risk mitigation be uncovered and leveraged effectively for threat prevention.
For quick frontline wins, start small.
While enterprise risk management (ERM) is well-equipped to drive engagement on the frontlines, programs are often rolled out that require a huge amount of the frontline’s time, effort and resources.
To position yourself as a partner worthy of frontline feedback, you must start small and build the trust necessary for regular collaboration. There’s no doubt that meetings can serve important purpose, but once they become inflated, restlessness increases and engagement drops. This is especially true in frontline areas where staff carry heavy responsibility on steep deadlines. If risk management meetings run too long or require too much preparation, the people you need feedback from will soon be conjuring ways to get out of the next one. So, what’s the solution? Start small!
Position yourself as a consultative partner that’s interested in brief, but regular frontline collaboration. Don’t use all your goodwill on the first meeting alone. Spread your agenda out so that you’re not exhausting three hours of a frontline manager’s time on your first engagement. Establish an outline for your meetings and consider what’s reasonable for a 30-minute segment several times a year. Remember, an ERM program isn’t worthwhile if it’s not sustainable!
Alignment assignment: Your credibility depends on it.
If there’s ever been case for putting yourself in one’s shoes, this is the time. We’ve talked about the importance of knowing the needs and nuances of your organisation’s essential workers, but there’s more to running an effective risk management program under the updated 3LOD guidelines.
You must know where your credibility stands with frontline managers, and here are three steps to finding out:
- Examine your program goals as they relate to the organisational goals that frontline staff contribute to. Do the two align?
- Determine whether your risk management program has kept pace with organisational changes. Most companies look radically different today from how they did three years ago. Are you operating from an expired framework, or have you adjusted your program to express heightened focus on newer organisational changes?
- Ensure that your processes are appropriately designed to support and operate alongside each area of the enterprise. As a reminder from our last discussion, key risk indicators can be used to increase the cadence of engagement with the frontline.
Why one introduction to risk is never enough.
The old assumption that frontline workers don’t quit was forever changed by COVID-19 and the “Great Resignation.” Frontline turnover is now as high as 60% in retail according to McKinsey, and with that comes a growing disconnect between new employees and the organization. Additional factors like rushed onboarding and top-down communications can further hinder ERM attempts at consultative partnership as a technique for first-line engagement.
How do you empower frontline employees? Be sure to get to know new frontline managers and create the right conditions for reporting and feedback about risk management. The previous accounting manager may have known you and been on board with your program, but that doesn’t mean that the new one will. It’s worth revisiting step 3 from our prior post about ways to market your ERM program internally.
Remember, if frontline people don’t know why risk management is important, who you are or what you do to help them, they won’t share information and can’t be productive. Invest time to repeatedly build new relationships and have “what’s in it for you” conversations regularly to ensure that your most important people stay proactive about prevention.