Change is good.
Change is what allows us to continuously improve, grow, progress. Change is what turns okay into fantastic and antiquated into fresh. Change is what keeps us current, competitive, engaging, and exciting. Change is what allows us to become more diverse and inclusive, more efficient and productive, and more engaging and attractive to the next generation of employees.
But change is hard. It means learning or doing something that you haven’t done before, or potentially, what no one has done before. And with change comes risk.
Risk can’t be avoided, but it can be managed.
With proper risk management, you can avoid taking on too much risk at once. And when you do encounter those bumps in the road (and you will), you’re ready for them and they don’t derail your efforts.
How do you manage risk?
1) Identification – prepare for the worst so you don’t need to hope for the best
The first step to managing risk is to know the risk you may need to manage.
It’s time to play “What can go wrong!”
Get a group together for the fun ‘destroy the program’ brainstorming exercise. Generate as many ideas as possible for all the ways the effort can be thrown off, derailed, or fail. Go for the obvious, the stretch, the outlandish. The more complete the list, the better prepared you will be.
Here are the categories of risk with a few examples.
For these examples, the effort is to update job descriptions and requirements to make them more inclusive.
Leadership risk: risk of losing top-down support or focus.
The executive sponsor supporting DEI initiatives leaves the organization.
Executive leadership deprioritizes the job descriptions effort in favor of another DEI initiative in another department.
The organization misses its quarterly goals and all DEI initiatives are deprioritized in favor of market adjustment efforts.
Process / technology risk: risk of losing required tools, technologies, and systems.
The ATS requires updates to support the job description changes, and there are no resources available to make the change.
The ATS is unable to track the metrics needed to measure the results of the effort.
Email size limitations causes problems sending the drafts of job descriptions to the reviewers.
The team isn’t trained on how to use track changes.
People risks: risk of owners/contributors/reviewers not being able to execute the effort.
The hiring managers of the job descriptions are unresponsive to requests for reviews.
The TA managers assigned to the effort get overburdened with open recs and are unable to allocate enough time.
The hiring manager and TA manager do not agree on core requirements and are unable to achieve consensus on the new job description.
Budget/performance risks: risk of losing budget or the effort not meeting expectations.
Target performance metrics for increased diversity of candidate flow are not achieved.
De-prioritization results in loss of budget before the effort is completed.
Target for how many job descriptions can be completed per month is not achieved.
Situation risks: risks introduced by outside forces that impact the effort.
For each risk, identify what (if any) are the early signs or indicators that will give you a head’s up that the road may get bumpy. Wherever possible, design the effort to monitor for those signs.
For example, for the risk of the effort being deprioritized, monitor for a sudden flurry of activity, increased news coverage, industry-impacting regulatory changes, or the sudden disappearance of the executive team.
For example, for the risk of the ATS not being able to collect the metrics, plan an initial step to check to see that the ATS can do what you need it to do.
2) Rank your risk – how risky is the risk
Once you have a list of all the things that could go wrong, do a quick evaluation of the likelihood that the risk will happen. Keep it simple such as ‘high, medium, low’.
High risks are those that are most likely to happen. These are the things that frequently occur to efforts, or are in-line with the culture and habits of the organization.
Medium risks are those that have happened before but not frequently or are those that are rare but have a high impact on the effort.
Low risks are things that have never happened before or have not happened in recent times. These are also the ones where a lot of things would have to go wrong (or right) to create the risk.
3) Mitigate through planning – in case of an emergency follow the lights to the nearest exit…
The power of risk identification is not just knowing that a risk can happen, but also what to do about it if it does happen. By planning your next move ahead of time, you’re less likely to get caught by surprise or left scrambling when something goes wrong. In other words, you mitigate (or reduce the impact of) the risk. Don’t forget to monitor and react to those early warning signs you identified in step one.
For high risks, outline what the team will do if this risk occurs. You don’t need all the answers, but think through the general direction, decision tree, and ownership.
For medium risks, identify at least the first step. Who are you going to call? (GHOST BUSTERS… sorry… I couldn’t resist) What information will you need? What is your ask?
For low risks, a general sense of what comes next is good enough. However, if you detect any early warning signs of a low risk, take the time to flesh out that mitigation plan.
4) Apply results to prioritization and planning – cost, benefit, risk
Armed with the identified risks – ranked and planned for – you can plan for risk just as you would plan for cost or benefits.
For example, just as you would carefully plan and budget for high-cost projects, do the same with high risk projects (i.e. lots of medium and high risks and/or risks with expensive mitigation plans).
You can also plan to make sure you aren’t taking on too much risk at one time. Do this by avoiding overlapping high-risk projects or projects that have too much risk in specific areas such as multiple projects with risks around technology infrastructure or budgeting.
Bringing it all together
Change is good and necessary, but it does come with risk. Identifying and managing those risks, just as you would cost, will ensure that you and your organization gets all the benefits of change without being thrown off course by the inevitable bumps in the road.