RA vertical color logo


Humans love to give feedback. We fill in boxes, check off likes and dislikes, and rate our satisfaction on nearly any topic. Companies want our feedback so they can make better products, improve services and keep us buying.

What better way to create a continuous cycle of valuable information than by asking for it?

Larger organizations have long understood that feedback is a vital part of the risk management framework. Smaller organizations should also develop feedback loops that deliver key information about your operations and your company’s impact with customers. Each feedback process should include the following elements:

  • A simple way for the customer or team member to provide information;
  • A step for management to review the information;
  • A step for implementing changes;
  • A step for getting back to the customer or team member about action taken (or why action was not taken); and
  • Metrics to ensure that the process is being used.

Here are simple ways for you to create feedback loops in your organization:

Customer suggestion boxes/forms. Make it easy for your customers to help you manage threats and opportunities. A simple suggestion process – either a box in your place of business or an online/mailed form – can identify product, reputation, and satisfaction issues.

Employee suggestion boxes/forms. Who better to give you immediate feedback on your risk management efforts than the employees directly affected by them? (We suggest both anonymous processes and non-anonymous. The anonymous option can help you uncover weaknesses in your plan without jeopardizing relationships, while a process requiring self-identification can lead to ownership and acknowledgement).

Dedicated feedback email. Make feedback an integral part of your communication with employees and customers. Set up an email specifically for feedback and designate people to monitor it daily.

Threat/Opportunity check-ins. In your periodic staff meetings (you do have those, right?), have a set agenda item to discuss threats and opportunities. This is a good time to pull out your risk register (you have one of those too, right?). These T/O check-ins reinforce team members’ responsibility to think like owners.

Audits. Throughout the audit lifecycle, feedback can be critical to reducing regulatory risks. Gather feedback before, during, and after the audit and incorporate it into your risk management review process.

Periodic review. Build periodic reviews into every risk management plan. By establishing the follow-up process, you can adjust and monitor better the results of your risk initiatives.

Incentives. Another great way to solicit feedback is to provide incentives to employees for reporting on the results of various risk management initiatives or changes. The incentives encourage faster reporting, which allows you to adjust quickly.

Deputizing. Create risk management accountability among your employees. Department heads, supervisors, and employees can share the job of watching out for and alerting risk management to potential issues and opportunities.

Pilot programs. Pilot programs are excellent ways to turn potential opportunities into significant growth. Instead of committing all your resources, you structure a limited test that provides feedback on whether additional resources should be committed.

More feedback means a better picture of your risks. The more ways you can solicit feedback on an ongoing basis, the more comprehensive the view of your overall risks will be.

Please share this post if you found it useful.