Six steps towards a more robust ethical risk assessment

  • 18 May 2016

It’s approaching halfway through the year and, let’s assume, you’re on notice to give a presentation to management about the ethical risks that your firm faces. You’re thinking ahead about what they might ask you, wanting to be sure that you’re not caught out. Where do you start?

Here are six features of an ethical risk assessment that firms can fall short on: two each from the planning, execution and follow-up stages.

Planning – have you got the scope of your ethical risk assessment right? This is not about how far out your ethical radar goes, but whether it covers all 360° or not. What evidence can you point to for this?

Perspectives – have you based your assessment on just your firm’s understanding of its ethical risks, or have you taken on board the views of others, such as customers or employees? Every firm will have customer data it could use, but substantive and relevant employee data may be harder to come by. If you don’t have it, start making plans to collect it.

Execution – have you included issues at all three levels of risk – market risk, firm risk and individual risk? How this is answered could speak volumes: for example, an assessment that predominantly pays attention to the individual layer of risk points to a firm that sees employee behaviour as ‘the ethical problem’ and hence misses questions about its own role in products, pricing, data and performance.

Improvement – no doubt you’ve prioritised the risks according to their significance and likelihood, but did you then further prioritise them according to their maturity and your firm’s present position? This is about making sure you put your energy where it’s needed most. It’s a step often missing from the ethical risk assessments I’m asked to review.

Follow-up – having identified the key ethical risks that need to be tackled, have you then threaded them through your competency and performance systems? One of the main problems that follows on from ethical risk assessments is failing to be prepared to take the outputs through into management systems.

Hurdles – does your mitigating plan for each risk include some form of force field analysis, to ensure that any hurdles that might be faced are recognised? This is another feature often missing from the ethical risk assessments I see: it’s a bit like running a race without thinking of any hills or chasms that might be in the way.

You can find out more about assessing ethical risks in a guide I’ve produced for subscribers to the blog… You can download the guide and sign up to the blog by clicking on this link.