Best practice in risk management – five characteristics of high-performing organisations

Best practice in risk managementThis post identifies five characteristics of high-performing organisations with best practice in risk management and discusses those characteristics with examples.

Some organisations manage risk successfully – they represent best practice in risk management.  If the majority of organisations could raise their performance to the levels of their high-performing peers that could lead to significant improvements in areas as diverse as patient safety, financial services, major projects and workers’ health and safety.

Working with a range of organisations and industries over the last 25 years, I have observed some consistent trends that characterise best practice in risk management (e.g. leadership commitment, learning lessons, and a culture where people can point out risks and make suggestions).  However, it was only when I led a review of how health and safety risks were managed during the construction of the London 2012 Olympic Games and Paralympics Games (London 2012) that it crystallised those observations.  There, I saw concentrated evidence of what best practice in risk management looks like in one place.

The construction of London 2012 was completed on time and within budget.  It was also the first Games where no workers lost their lives during construction.  Therefore, it seems reasonable to take the construction of London 2012 as evidence of best practice in risk management.

I have produced a set of reports(1, 2) and papers(3), and these provide more detail on the issues presented here.  From these and my wider experience, I have identified the following five characteristics of high-performing organisations who manage risk successfully:

1. Integrated risk management is the preferred approach

Integrated risk management is the preferred way of working as risks are interlinked and need to be balanced.  This means that risk management is seen as a part of ‘business as usual’ and avoids ‘unforeseen’ problems caused by risks being addressed in isolation (or not at all).

On London 2012, integrated risk reviews were undertaken.  These involved all duty holders and cost, programme, technical, environmental, quality and health and safety risks were considered simultaneously.

2. There is a culture of challenge to all significant decisions

Organisations are constantly asking questions such as ‘Is this the best way to do it?’ and ‘Can we do it a better way?’

On London 2012, challenge came from all team members.  This was found to be an effective form of risk management, and it introduced an appropriate culture to organisations.  These discussions were relevant to the management of all risks including completing the construction on time and budget and ties in with Characteristic 1.

3. Planning starts early and is on-going

Key team members are appointed early and significant planning is done before implementation.  This is followed by on-going planning and risk management throughout the implementation process.

On London 2012, teams were appointed early.  This allowed them to identify and manage risks early by using the experience of the appointed contractors and designers to improve buildability, reduce cost and time as well as improve health and safety.  With better planning, there was less re-work, quicker completion and easier handover.  At on-going planning meetings, participants were required to identify the risks that would arise in the coming months so that they could be addressed in advance (when it was cheaper and more effective to manage those risks).

4. Ideas and lessons learned are shared internally and externally

Senior management engage with the workforce. This helps to get the message across and demonstrate how seriously risk management is taken.

Organisations share ideas on how to solve key risks in their industry sectors via formal and informal routes.

On London 2012, supervisors were trained, and provided daily activity briefings for site workers so that those workers were aware of what was required of them that day.  Senior management engaged with the workforce; this helped both to get the message across and demonstrate how seriously health and safety was taken.  The point was made that engagement incurs little cost, but helps to motivate the workforce and get key messages across.

Also on London 2012, contractors, who would be competitors outside of London 2012, shared ideas on how to solve problems both via formal and informal routes.  Near-miss information was shared, giving other contractors advanced warning of potential problems.  Information was brought into London 2012, shared on site, and then disseminated within the contractors’ wider businesses outside of London 2012.

5. Leaders set the priorities and reinforce them regularly

Leaders set the tone for risk management from the start, and then reinforce this on a daily basis.  When leaders’ actions tie in with their words, it gives credibility to the risk management messages.

On London 2012, the Olympic Delivery Authority (ODA) set the tone for health and safety from day one, and then reinforced this on a daily basis through its actions and those of its delivery partner.  ODA’s actions tied in with their words and gave credibility to the health and safety messages.

Are these five characteristics applicable to other organisations?

Some will argue that these were characteristics of organisations involved in the construction of London 2012 venues and infrastructure, so they can’t be transferred to organisations that aren’t in the UK or the construction sector.

However, my view is that these characteristics are applicable elsewhere as:

  • Organisations are collections of people doing their jobs – my experience has been that there are similarities between how people and organisations behave regardless of the industry sector
  • Many of the organisations working on London 2012 were international companies operating in many countries – these organisations typically had international standards that were consistent across their worldwide operations

I would be interested in finding out what characteristics others have observed.


  1. Mike Webster and Liz Lloyd-Kendall: The Construction (Design and Management) Regulations 2007: Duty holder roles and impact, Olympic Delivery Authority Learning Legacy Report ODA 2011/269, October 2011
  2. The Construction (Design and Management) Regulations 2007: Duty holder roles and impact, HSE Research Report 941, 2012
  3. Mike Webster: ‘The use of CDM 2007 in the London 2012 construction programme’, Proceedings of the Institution of Civil Engineers, Civil Engineering 166, February 2013, Issue CE1, Pages 35–41

Free download of MPW R&R Organisational Risk Report About the author:

Dr Mike Webster specialises in risk and regulation, and is a chartered engineer with over 30 years’ experience. He has led risk and regulatory projects in the UK, Europe, Far East and US, and has acted as an expert witness in the UK.

He focuses on construction and structural safety, CDM and risk, and founded MPW R&R to provide Consulting, Forensic and Expert Witness services in those areas.

If you would like free access to Mike’s report Do you understand what factors influence risk in your organisation? and the accompanying Organisational Risk Benchmarking Tool where you can benchmark your organisation against risk management best practice click here.

If you would like to discuss this further, drop Mike a line at or give him a call on +44 (0) 7969 957471.