
Managing Internal Risks: How to Listen When People Speak Up

In part one of this two-part series, we discussed the various forms of internal risk and best practices for risk management and mitigation. In part two, we explore the profound impact of a true speak-up culture.

What is a 'speak-up' culture, anyway?

If you're hearing the term 'speak-up' culture and picturing your team doing stand-up comedy at company parties, you've missed the point – although a good laugh never hurts morale.

Speak-up culture is all about creating an open environment where employees feel comfortable sharing concerns, ideas or observations that could affect your company's performance or ethical standing. It's not about criticizing for the sake of it; it's about proactive problem-solving.

Before diving into how to manage internal risks by listening, it's crucial to understand the bedrock of what you're trying to build: an environment where people are not just allowed, but encouraged, to speak their minds.

Create windows where your walls are

Think of your organization as teeming with risk managers. More often than not, they're the first to spot red flags, sometimes even before your dedicated risk team.

However, if your organization is full of walls, there are mountains of data you’re going to miss that play a vital part in identifying and handling risk. If you try to turn those walls into windows, where transparency and open communication are valued, you’ll see so much more across your business.

Why speak-up culture matters:

  • It’s powered by a resource you already have: your people
  • It facilitates faster problem-solving on companywide issues
  • It can increase employee engagement and improve morale
  • When you listen and act on feedback, it builds trust across your organization

Whistleblowing: a gift, not a curse


People who raise concerns with management, sometimes known as whistleblowers, often get a bad rap. Historically, they’ve been seen as nuisances, snitches or even traitors, especially when we think of big scandals involving whistleblowers taking insider info to the press.

However, whistleblowers who report internally when they have concerns are effectively an early warning system. They aren’t going to the press – they’re telling you they think something is wrong. Sure, you've got meetings, maybe even a suggestion box or two. But have you established a culture where people genuinely feel they can voice their concerns?

To meet global whistleblowing regulations and support a speak-up culture, you must create avenues where employees can report issues they've noticed without fearing a proverbial slap on the wrist. Even so, culture also needs softer touch points alongside reporting channels and guides in your code of conduct on how to raise concerns.

A starting point can be as simple as dedicating five minutes in your weekly team meeting for risk discussions. A reward system for constructive feedback, such as making processes safer or more efficient, can also encourage more people to come forward.

Here are a few more tips for normalizing how and why people should raise concerns within your organization:

  • Use and regularly highlight an internal communication tool specifically for employees to raise concerns or check policies
  • Talk about issues noticed or reported, and how they were handled, openly in company communications
  • Implement a regular speak-up segment in team meetings, initiated by management where possible
  • Train managers to actually listen for wider issues during these segments, rather than just noting what individuals say

The perils of ignoring your staff can't be stressed enough. It's not just about keeping talent; it's about listening to those who are tuned in to the realities you can't see from your boardroom. When your team members feel unheard, you really risk them becoming someone else's team members.

Losing your people to mistrust and poor morale isn't just a team loss. It's a massive internal risk management failure.

Thinking tactically about tech

Internal risks – especially people-based ones – can be elusive. So, how do you go about detecting them? Employee surveys are one way to start, but you need to dig deeper. Tech can help.

Modern risk assessment platforms, designed to flag internal issues, can offer you useful insights not visible from the CCO’s office. They can sift through data, including reports submitted by employees, pick up on inconsistencies and alert you to looming problems through pattern detection.

  • Whistleblower helplines – Digital platforms that provide an anonymous, secure way for employees to report any issues. These are essentially your early warning systems for employees to ring the bell. As the mouthpiece of speaking up, they are where people go to tell you what’s up.
  • Incident management platforms – These aren't just for data breaches. Use them to log and manage all your reports of internal risks flagged by your team, ensuring every voice is heard and responded to in line with regulatory requirements.
  • Collaboration portals – Think of these as your organization's internal social media. They encourage open dialogue and can serve as less formal platforms or forums for raising red flags, discussing problems and ideating solutions, helping to normalize the act of speaking up.
  • Employee feedback tools – These can go beyond the traditional annual review, but they are more of a periodic prompt to your people rather than only offering an open-ended portal to raise concerns. Real-time feedback platforms allow employees to raise concerns as they occur, letting you nip potential issues in the bud.
  • Audit solutions – While they’re great for financial checks, consider using them for social audits on your company culture. They can help you track how often concerns are raised and how swiftly they are addressed, providing a tangible measure of the health of your speak-up culture.

As a final point, data mismanagement is a sneaky carrier of risk that thrives in a culture of silence. Whether it's due to poor procedures or a sheer lack of oversight, when data isn't handled correctly, it's not just about potential financial losses or wasted time. External audits that find these mistakes can quickly land you in hot water with regulating bodies – you’re far better off finding them yourself so you can strategize how to manage them better.

Employee input can be a rich source of qualitative data to fill the gaps your quantitative surveys leave. Make sure your tech tools are calibrated to treat this data with the gravity it deserves, flagging trends, common concerns and patterns that quantitative data might miss – the applications for this sort of information are infinite.

Risk is a bigger picture than your organization

Many of the emerging risks that you face every day touch the remit and responsibilities of one or more of your employees.

A strong speak-up culture is your first line of defense against a range of risks, especially internal risks. Furthermore, the human element of risk management should never be underestimated. While we've examined various categories of risks, they often intersect and are magnified through human behavior, for better or worse.

Whether it’s on a screen or part of an interaction, in your day-to-day operations, it’s far more likely someone will notice potential or actual risk faster than your processes or occasional auditors will. Can these people tell you? What would put them off telling you? And if they do raise a concern, what will you do next?

Check out NAVEX whistleblowing and incident management software to make speak-up culture a priority.
