1. Enterprise Risk Management (ERM)

Enterprise Risk Management (ERM) stands out as a holistic approach to identify, assess, and manage risks across all organizational facets. Seamlessly integrated into core operations, ERM offers a comprehensive view of potential risks and their interdependencies.

 

Key advantages include:

• Better decision-making through structured risk assessment.
• Improved risk tolerance, aiding in responding to both known and unknown risks.
• Regulatory compliance adherence, a crucial factor for various industries.
• Substantial cost savings by identifying and mitigating risks early on.

 

Explore Granite’s Enterprise Risk Management tool here.

2. Strategic Risk Management

Strategic Risk Management focuses on risks directly impacting a company’s strategic goals and decision-making. This approach allows businesses to make sustainable decisions aligned with dynamic market conditions.

 

Key elements include:

• Scenario planning to develop contingency plans for strategic initiatives.
• Risk-informed decision-making, integrating risks into strategic processes.
• Regular monitoring to evaluate progress and predict outcomes.
• Resource allocation for impactful long-term success.

 

Discover Granite’s Strategic Risk Management tool here.

3. Third-Party Risk Management

Third-Party Risk Management enhances visibility into external dependencies, managing risks related to suppliers, contractors, and partners. Objectives include:

• Predictive risk mitigation by anticipating and preventing potential issues.
• Advanced compliance monitoring to ensure partners adhere to regulations.
• Improved business continuity through proactive risk management.
• Reputation protection by preventing negative events.

 

Check out Granite’s Third-Party Risk Management tool here.

4. Cyber and Information Security Risk Management

Effective management of cybersecurity risks is crucial in the UK’s digitalized business landscape.

 

Key components include:

• Regular risk assessments and penetration tests.
• Strong security policies and employee training.
• Well-defined incident response plans.
• Implementation of encryption and access control.
•  

Explore Granite’s Information and Cyber Security Risk Assessment tool here.

5. Continuity Management

Business Continuity Management ensures a company’s core operations continue during and after a disruptive event. Key elements include:

• Business Impact Analysis to identify critical functions.
• Continuity planning for maintaining operations during disruptions.
• Regular testing and exercises to update plans.
• Clear communication protocols for stakeholders.
•  

Explore Granite’s Continuity Management tool here.

 

Granite experts can help you choose the best set of risk management tools to support your organization’s goals. Book a 15-minute demo now to learn everything you need to get started. 

Artikkeli Top Risk Management Solutions to look into in 2024 julkaistiin ensimmäisen kerran Granite.

Artikkeli Understanding Risk Management Maturity Models julkaistiin ensimmäisen kerran Granite.

Artikkeli Elevating Your Business Risk Management Maturity: A Guided Journey julkaistiin ensimmäisen kerran Granite.

In the fast-paced world of modern business, effective risk management is no longer a choice but a necessity. The challenges of managing risks have evolved, and traditional methods, such as manual processes and scattered spreadsheets, are struggling to keep up with the dynamic nature of these challenges. This article delves into the contemporary landscape of risk management, addressing the need for a practical solution that bridges the gap between overly complex enterprise systems and outdated manual approaches. We’ll explore the key issues faced in risk management and how a balanced approach can empower your organization to navigate these challenges effectively and seize opportunities.

The Downside of Spreadsheets

Let’s face it, spreadsheets have been the go-to choice for many organizations regarding risk management. They are familiar, readily available, and seemingly cost-effective. However, the reality is far from ideal. Managing risks with spreadsheets can quickly turn into a chaotic and error-prone process. Information is often scattered across multiple files, making it challenging to maintain a clear and up-to-date overview.

“In today’s world, using Excel for risk management is no longer sensible. Comprehensive and result-oriented risk management requires appropriate tools. Granite’s functions made it possible for risk management to be developed and brought closer to practice.”

-Eija Simonen-Riikonen, Resource Director, Suur-Savon Sähkö

While spreadsheets may provide some level of control, they lack the visibility and efficiency required in today’s business environment. It’s a labor-intensive process that often leaves organizations without the clarity of the bigger picture. Spreadsheets also lack the professionalism that important processes – like risk management – require. You should be able to easily demonstrate to all stakeholders that the whole risk management process is effective and its trustworthiness is auditable at any time.

The Complexity of Enterprise Systems

At the opposite extreme, there are complex and costly enterprise systems. While they may appear perfect on paper, they often require extensive IT projects, significant investments, and substantial time to implement. These systems can be overcomplicated, leading to resistance from users and, at times, poor adoption rates.

“Granite is incredibly easy to work with, combining fantastic communication throughout (and after) the onboarding process with knowledgeable people and a great product which was tailored to the needs of our organisation.”

-Gary Ellison, Senior Risk Manager, Vaultex UK Ltd

Large enterprise systems may overwhelm everyone with their massive feature stack but it’s important to know and realise what are the important features that provide the results.

The best of both worlds

This balanced approach fits neatly between the two extremes, providing a straightforward, user-friendly, and cost-effective method for efficient risk management. Here are the main factors that make risk management platforms both easy and highly effective:

1. Fastest Time-to-Value

A risk management platform should be quick to configure and seamlessly integrate into your existing processes. This means you can start reaping the benefits of advanced risk management in a matter of weeks, not months.

2. A Simple Way to Demonstrate Compliance

A risk management platform should help you remain compliant with regulations and maintain transparency with stakeholders, ensuring trust and credibility in your business operations. It streamlines compliance processes and makes them easily manageable.

3. Making Risk Management a Performance Driver

Standardized evaluation processes and follow-up procedures provide consistent and efficient workflows across your organization, making risk management a performance driver rather than a burden.

4. Stay on Top of Your Progress

Automating progress reporting saves valuable time and resources. You’ll be able to provide accurate and timely updates on your business performance without the hassle of manual reporting.

Granite is not just software

it’s a transformative tool that can shape the future of your organization’s risk management. With over 200,000 satisfied users across the globe and a track record of serving various industries, Granite is a trusted solution for streamlining processes and effectively managing risk. Don’t settle for messy spreadsheets or overly complex systems; choose the practical best practice with Granite and take control of your risks while seizing opportunities. Book a demo today and see the difference for yourself.

Take a first step towards risk management practical best practice in your organisation – book a 15 min demo now!

Artikkeli The Practical Best Practice for Risk Management julkaistiin ensimmäisen kerran Granite.

Aalto University is an international university established in 2010, operating in the fields of technology, science, economics, and the arts. Formed through the merger of the Helsinki School of Economics, University of Art and Design Helsinki, and Helsinki University of Technology, Aalto University is named after the architect Alvar Aalto.

Aalto University has around 17,500 students and approximately 4,000 employees, including about 390 professors. The university’s six schools specialize in four key areas of expertise: ICT and digitalization, materials and sustainable use of natural resources, art and design, and business in a changing international environment.

Comprehensive risk management and safety are at the core of an organization that conducts diverse research, artistic activities, and teaching. Aalto University uses Granite’s digital tool for two areas of comprehensive risk management: occupational safety risk assessment (workshop and laboratory environments as well as office environments) and incident reporting (occupational safety and security).

Granite’s digital tools

Understanding the common principles of occupational safety and workplace risk management is crucial in Aalto University’s international and multicultural operating environment. Ensuring the health and safety of the work environment is essential for students, employees, and visitors alike.

“Modern systems and tools enable the development of work risk management and enhancement of occupational safety.”
Tiina Okkonen, Senior Specialist in Occupational Safety and Health, Aalto University

The development of workplace risk management at Aalto University is an intricate process that is continuously maintained. In the multidisciplinary world of research and teaching, needs grow and evolve, and the organization must be able to respond – ideally, in advance and during the planning phase.

Participatory and preventive work improves occupational safety. Aalto University is one of the largest universities in Finland, and the nature of its activities is rarely static. Especially with the advent of the pandemic and other global phenomena, the nature of work at the university has been changing. This had to be taken into account in workplace risk assessments.

“Granite has brought uniform principles to workplace risk assessments and provided insights into the development of these risks and threats.”
Tiina Okkonen, Senior Specialist in Occupational Safety and Health, Aalto University

To produce results and enhance workplace safety, workplace risk management must be continuous and well-managed. Transparency of risks is emphasized in Aalto University’s workplace risk management. With Granite’s system, the status of work risks can be examined, and actions can be promoted in a guided and standardized manner. The maturity level of workplace risk management, expertise, and the level of safety culture efficiently develop as part of normal work when everyone participates in occupational safety risk assessments and incident reporting.

At Aalto University, everyone has the opportunity to report incidents. This way, important information about near-miss situations is collected. When incidents can be investigated according to uniform criteria, their root causes can also be identified and corrected to prevent recurrence.

“The development of workplace risk management and workplace safety requires up-to-date information. Granite is clear and easy to use.”
Tiina Okkonen, Senior Specialist in Occupational Safety and Health, Aalto University

Occupational safety is a shared responsibility, and it won’t develop if the tools enabling its development remain limited to a narrow and restricted group. At Aalto University, occupational safety and workplace risk management have been approached by decentralizing the process of conducting occupational safety risk assessments to departments and units. This creates a precise, standardized picture of risks in each department, but also provides up-to-date information about the overall workplace risk situation across the organization.

“The Granite systems we use enable a proactive approach to workplace risk management.”
Tiina Okkonen, Senior Specialist in Occupational Safety and Health, Aalto University

The development of workplace risk management and safety in the university setting doesn’t happen on its own. It requires continuous effort and long-term commitment. Visibility into the larger picture of workplace risk management and safety allows corrective actions to be targeted effectively, ensuring they are implemented practically. However, this requires systematic commitment to workplace risk management, regular updates of risks, and an understanding of one’s own operating environment.

Granite’s usability and reporting have laid the foundation for systematic development of occupational safety at Aalto University. Risks, threats, and incidents related to work are identified and addressed, preventing their recurrence. Granite’s adaptable system and its reporting capabilities support Aalto University’s needs in developing its safety culture and guide safety improvement initiatives.

Artikkeli Workplace Risk Management and Occupational Safety julkaistiin ensimmäisen kerran Granite.

Anora Group Plc is a Finnish-Norwegian publicly traded company that was formed in 2021 through the merger of Altia Plc and Arcus ASA. As a result of the merger, the company has become one of the leading brand houses for wines and spirits in the Nordic region.

Operating in seven countries, Anora’s revenue in 2022 was approximately 702 million euros. As a company with a wide range of brands, Anora exports its products to over 30 markets. The company also engages in industrial activities, including distillation, bottling, and logistics services, as well as the production of technical ethanols, beverage ethanol, feed raw materials, and barley starch.

Anora employs around 1200 professionals. In pursuit of global growth through a responsible business strategy, systematic risk management plays a crucial role in Anora’s operations.

“With Granite, we gain a real-time view of the entire risk situation in our operations.”
Roger Saarikangas, Director, Procurement, Facility, and Risk Management, Anora Group Plc

Anora Group Plc uses comprehensive risk management as a tool for leadership to advance strategic goals at a practical level. Anora Group’s risk management is built on the risk management policy set by the leadership. Integrating risk management into leadership and decision-making processes understandably creates extensive data needs, so risk management must be based on comprehensive risk identification. Successful business in a global operating environment requires consistent risk management principles, uniform risk identification and assessment, and the ability to provide a transparent overall view of the organisation’s risk situation.

Traditional risk management tools and models that emphasise compliance alone do not always serve forward-looking business objectives in the best possible way. While traditional tools allow for data collection and a certain degree of accountability, their reported view of the risk situation is insufficient for proactive actions due to its static nature. Comprehensive risk management requires more than just meeting minimum requirements.

“You can only manage business risks when you are aware of them. Granite provides visibility into the entire risk situation.”
Roger Saarikangas, Director, Procurement, Facility, and Risk Management, Anora Group Plc

Effective and goal-oriented risk management gathers crucial information about the risk situation and risk levels of operations. Therefore, risk data must be collected quickly and in a standardised format.

Granite has elevated the practices of our risk management to a new level. While information about risks, threats, and risk-related events and deviations had been collected earlier, the rapid growth and development of the business required more extensive data analysis. Previously, risk data was stored within the company’s intranet, and analysis relied on standard spreadsheet-based assessment templates. Although the traditional operating model mostly aligns with the best principles of risk management, maintaining a comprehensive risk management package is more labor-intensive and time-consuming without the right tools. A unified risk management system provides structure to risk management that everyone can follow. Simultaneously, it streamlines risk management work by standardising risk assessment and reporting methods. This way, data is put to good use.

“Granite reporting adds concreteness to risk management.”
Roger Saarikangas, Director, Procurement, Facility, and Risk Management, Anora Group Plc

Risk management practices practically guide the organisation’s operations. Therefore, when developing a risk management model, one must consider both business objectives, critical data needs for decision-making, and the organisation’s risk management culture and maturity level. Understanding one’s own operations helps create a risk management process that promotes goals while enhancing organisational resilience. While risk management software, systems, or tools do not inherently lead risk management in one direction or another, they are essential when risk management needs to be led in a structured manner.

Anora Group Plc’s risk management model is tailored to the organisation’s needs and is systematically developed in relation to these goals. Therefore, risk management systems must be able to adapt and evolve along with the users’ risk management needs.

“Granite has supported the development of our risk management and has agilely adapted to its changing needs.”
Roger Saarikangas, Director, Procurement, Facility, and Risk Management, Anora Group Plc

The responsibility for developing Anora’s risk management rests with the risk management team, which reports on the risk management situation and development to the executive team and audit committee. Harmonising and quantifying risk assessment allows measuring the risk situation with the same principles as other areas of the business are measured.

Risk management can include various perspectives even when implemented throughout the organisation; in Anora’s operations, for example, risk assessment at factories occurs on a very different scale than strategic risk management work serving the information needs of the executive team.

It is natural that the degree of risk management deployment is directly related to the organisation’s risk management maturity level, as it reflects not only operating models but also the goals set for risk management. As part of Anora Group’s strategic work, risk management affects several different business units and operational functions, where managing the risk situation is critical not only to meet customer needs but also for the integrity and resilience of partner and supply networks.

“With Granite, we communicate our risk management needs understandably in relation to our goals.”
Roger Saarikangas, Director, Procurement, Facility, and Risk Management, Anora Group Plc

Identifying current threats and risks and taking timely corrective actions are essential for the success of any business. Risk management is a tool for development and should always be part of a company’s financial and operational planning.

Anora Group’s growing risk management needs, both in terms of business risks and continuity management, have benefited from Granite’s flexible and easily maintainable tools. Risk management is always a part of everyday business at Anora Group, and it strives to guide the process professionally and expertly.

When the risk management process is under control and regularly reviewed, it can be developed into concrete actions. This helps Anora Group avoid risks and ensures that its business is safe and sustainable.

Anora Group – Evolving Risk Management in a Global Operating Environment

Well-planned risk management enables proactive business planning, rather than market changes forcing hasty decisions and reactivity. The successful development of risk management at Anora Group Plc has required defining work and accountability.
While user-friendliness of risk management tools is essential, their use requires the organization’s commitment and responsibility for identifying and managing risks.
Granite’s risk management system features have helped Anora identify bottlenecks in its risk management and enabled the continuous development of risk information. As a result, the foundation for decision-making has become stronger and more capable of responding to market changes and demands. Decision-making based on up-to-date, readily available risk information is key to implementing the strategy and promotes the company’s resilience.

Artikkeli Evolving Risk Management in a Global Operating Environment julkaistiin ensimmäisen kerran Granite.

Oma Säästöpankki Plc is Finland’s largest independent savings bank, aiming for excellent, personalized service in local branches and online. The bank focuses on retail banking, with key customer groups including individual customers, small and medium-sized enterprises, as well as agricultural and forestry operators.

Oma Säästöpankki has 45 branches across different parts of Finland, over 200,000 individual and business customers, and a staff of approximately 450. The rapidly developing business requires a determined approach, making efficient and precise risk management essential to ensure continued development.

“Systematic risk management requires appropriate tools.”

Kimmo Tapionsalo, Chief Risk Officer, OmaSp

As a financial industry player, OmaSp’s operations are defined by both EU and Finnish regulatory obligations. Compliance with risk management requirements is a vital aspect of the banking sector’s business operations and principles of internal control. OmaSp’s risk management adheres to a risk management policy approved by the board, whose mission is to ensure that the company’s significant risks are identified, assessed, measured, and that risks are monitored and managed as part of daily business management. Regular risk assessments, actions based on them, an analysis of the operating environment, and systematic risk monitoring promote systematic and proactive risk management, enabling safe business development.

OmaSp’s risk management framework is based on the three lines of defense principle, with the first line being business operations, the second being risk management and compliance, and the third being internal audit. The role of the risk management function is to identify the risks related to business, maintain, develop, and prepare risk management principles, which are reported to the bank’s board and senior management.

“Granite brought a unified structure to risk management.”

Riikka Yli-Kauppila, Risk Manager, OmaSp

Risk management is a significant support for decision-making and leadership in the banking sector. Effective and goal-oriented risk management gathers crucial information about the risk situation and risk levels of operations. Therefore, risk data must be collected quickly and in a standardised format.

With Granite, OmaSp’s risk management practices have reached a new level. While risk data was collected earlier within the company’s intranet, and analysis relied on standard spreadsheet-based assessment templates, the rapid growth and development of the business required more extensive data analysis. Although the traditional operating model largely aligns with best practices in risk management, maintaining a comprehensive risk management package is more labor-intensive and time-consuming without the right tools. A unified risk management system brings structure to risk management, which everyone can follow. At the same time, it streamlines risk management work by standardising risk assessment and reporting methods. This way, data can be put to good use.

“With Granite, the entire organisation’s risk management follows the same principles.”
Kimmo Tapionsalo, Chief Risk Officer, OmaSp

The introduction of Granite’s risk management tools has brought changes to OmaSp’s risk management. Previously, manual steps that slowed down risk management have been automated. Guided risk assessment produces standardised and comparable information about the state of risk management. The quality of risk management functions has become more consistent than before. Risk assessment, management, and control have been brought into regular frameworks.

“With Granite, you communicate the risk situation consistently.”
Peter Lindblad, Risk Management Manager, OmaSp

Financial companies require efficient and systematic risk management. OmaSp’s risk management needs have evolved with the ambitious growth of the business, which requires increasing adaptability and customisation of risk management tools and systems. Effective communication of the risk management situation throughout the organisation and agile data collection and analysis are essential. Automatic functions support development and the advancement of measures, but the challenges and bottlenecks of systematic risk management development are not resolved solely by software solutions. Visibility of risk management in the operational core, data, and analysis helps understand the importance of risk management work, but the breakthrough of risk management culture requires the right mindset and everyday work. In OmaSp, Granite’s risk management solutions are part of this important goal.

OmaSp – Agile Risk Management with Granite

Risk management is an important support function for decision-making, which examines business comprehensively. Often, the essence of risk management is lost in securing basic operations, but systematic development of risk management allows for the development of risk management expertise and a more comprehensive understanding of its overall impact. Risk management belongs equally to the business management and the front line of operational activities. Granite’s risk management tools provide a guiding structure for this.

Artikkeli Systematic Risk Management and Development in the Banking Sector julkaistiin ensimmäisen kerran Granite.

Vaultex is a UK-based Cash Management business committed to its vision of delivering a best-in-class service. Vaultex provides its customers with a highly efficient, adaptable, and cost-effective service whilst also looking to innovate and prepare for tomorrow’s challenges. Operating within the cash industry, however, means that Vaultex must remain fully compliant with the requirements of several regulatory bodies, including the Bank of England and Royal Mint, as well as manage the significant risks that go hand-in-hand with operating in this sector, ranging from theft, errors, Health & Safety, technology & infrastructure right up to Cyber and strategic risks. With this in mind, Vaultex recognises the critical importance of effective risk management. In 2018, Vaultex embarked on a transformative journey to streamline its risk management processes and establish a holistic risk management culture. Collaborating with Granite, a trusted partner, Vaultex achieved remarkable success in enhancing its risk management capabilities.

Challenges: Simplifying Fragmented and Complex Risk Management

Before 2018, Vaultex faced the daunting challenge of managing a fragmented and complex risk management framework. To tackle this challenge, Vaultex initiated a comprehensive restructuring project. The first steps were:

• Simplifying risk management
• Aligning the organisational culture
• Developing an understanding of how risk management drives business growth and informed decision-making
• Building processes to support efficient risk management.

The team worked with senior leadership to fully understand and define the company’s risk appetite and develop a robust risk management strategy. Streamlining frameworks, optimising processes, and clarifying roles and responsibilities became imperative to eliminate unnecessary complexities. Vaultex’s reliance on spreadsheets (as well as other tools such as Powerpoint, word & SharePoint) for risk management soon highlighted  Microsoft Office Suite’s inefficiencies, difficulties, and time-consuming nature, underscoring the need for a more automated solution. It was time for phase two of the project: finding a tailored solution that catered to the organisation’s needs. 

Granite’s Solution: Streamlined and Tailored Risk Management

Vaultex sought a software solution that could automate risk management functions, promote transparency, and provide comprehensive support for strategic and operational work. Extensive research led them to Granite, which perfectly addressed their needs. Granite’s practicality and ability to deliver essential functions without unnecessary features resonated with Vaultex. 

“Out of all the options out there Granite became our overwhelming favourite.”

Gary Ellison, Senior Risk Manager at Vaultex UK Ltd.

The modular nature of Granite provided the flexibility to select specific modules or components, optimising costs by paying for only what they utilised. This approach helped to facilitate budget committee approvals for the new software. Additionally, the solution’s customisation capabilities allowed Granite and Vaultex to collaborate closely, tailoring the software to align with Vaultex’s unique requirements precisely.

“We did a lot of bespoke work to Granite in the background to make the solution suitable for Vaultex. That flexibility was highly beneficial.”

Gary Ellison, Senior Risk Manager at Vaultex UK Ltd.

Implementation: Seamless Integration and User-Friendly Interface

Implementing Granite proved to be a seamless process for Vaultex. The software’s user-friendly interface facilitated easy adoption and understanding among Vaultex employees. Granite’s integration went smoothly from the initial project kickoff to implementation and training. Employees grasped the system’s purpose, functionality, and usability, embracing it as a valuable tool to drive efficiency and save time.

“We all liked what we saw; we could immediately see the value it would add going forward. And let’s be honest, as a manager, anything that can gain you efficiency or save you a bit of time, you’re automatically going to like.”

Gary Ellison, Senior Risk Manager at Vaultex UK Ltd.

Unlocking Efficiency and Effectiveness: Vaultex’s Journey to Risk Management Excellence

The implementation of Granite has been transformative, liberating Vaultex from the limitations of spreadsheet-based risk management. By embracing Granite’s automation capabilities, Vaultex streamlined processes and established consistency throughout the organisation. Integration into project management practices enabled a consistent approach across workstreams, eliminating individual preferences and variations in spreadsheet usage. Vaultex now benefits from standardised reporting and information.

“We have only scratched the surface of what we can do with Granite going forward. So, it’s pretty exciting to see what features Granite has got coming up.”

Gary Ellison, Senior Risk Manager at Vaultex UK Ltd.

Conclusion: Empowering Risk Management for Future Success

Through their collaboration with Granite, Vaultex successfully transformed its risk management framework, overcoming the challenges of a fragmented and complex system. Granite’s solution empowered Vaultex to streamline processes, enhance efficiency, and foster a culture of risk awareness. As a result, Vaultex is well-equipped to navigate the dynamic landscape of the Cash Management industry, bolstered by a robust risk management foundation that ensures its continued success and resilience in the face of uncertainty.

“This cooperation has been a massive success for Vaultex. The level of service that Granite gives us is fantastic. I can comfortably recommend Granite to any business”.

Gary Ellison, Senior Risk Manager at Vaultex UK Ltd.

Read more on how we have helped other customers from the Finance sector and see if we’re a right fit for you as well!

Artikkeli Empowering Risk Management Excellence for Cash Management julkaistiin ensimmäisen kerran Granite.

The development goals of the City of Tampere have been defined, taking into account the future factors of change, in cooperation with the city’s personnel, residents and stakeholders. Systematic risk management is a tool for achieving Tampere’s strategic goals.

Strategic management requires consistent and dynamic risk management.

Annina Nääppä, Risk Manager, City of Tampere

Comprehensive risk management is a management tool that is used to promote strategic goals at a practical level.
The city administration’s ambition to incorporate risk management into decision-making and management is at the core of risk management at the City of Tampere.
In the municipal sector, the principles of risk management have traditionally been understood particularly from the perspective of legislation and guidelines, which is why risk management has in many cases remained at the level of minimum requirements, such as statutory reporting.
However, the operating environment of municipal operators is undergoing a major change, and the old models and principles are not sufficient to support the needs of strategic management. Therefore, the goals of the multi-sectoral organisation of the City of Tampere specifically require the development of the risk management process in order to be realised.

With Granite, we created visibility into a multi-sectoral organisation’s risk management.

Annina Nääppä, Risk Manager, City of Tampere

When it comes to developing a city group consisting of several very different service areas, operating units and city-owned enterprises, there is no shortcut or silver bullet that could eliminate the challenges once and for all.
Risk management is continuous work, and at the City of Tampere, risk management examines multi-sectoral activities in several subordinate organisations whose activities are critical to the well-being of local residents.
The City of Tampere’s risk management is working to put the city strategy into practice, but particularly in a frequently changing operating environment, things do not happen of their own accord.

When the City of Tampere started to work on its risk management process, the lack of visibility was identified as the primary obstacle to the development of risk management. The risk management tools and models that had traditionally been considered adequate for the multi-sectoral organisation did not meet the current need or purpose. Challenges related to communications about the risk situation were identified as another major issue.

Information on risk identification and corrective measures is important for successful management. Risk management is a tool for development, and risk management is ideally part of, for example, the planning of the organisation’s budget and operations, whether the risk situation is reviewed at unit level, service area level or city level. For Tampere’s growing risk management needs, the most traditional risk management tools were too rigid and difficult to maintain in a large organisation. They were unable to support the evolving risk management, even if the process was managed with expertise and professionalism.

The right tools enable strategic risk management.

Annina Nääppä, Risk Manager, City of Tampere

The maturity level of an organisation’s risk management must be developed in relation to its risk management goals. Compared to the principles of modern management, traditional risk management methods serve determined decision-making.
In the risk management work carried out at the City of Tampere, the risk profiles tended to remain static. Where required by regulations or reporting needs, risks were mapped and identified for reporting purposes, but even high-level risks were not necessarily always assigned sufficient control measures or clear deadlines for their implementation. The risk management process was inadequate, and the outdated Excel-based tools did not properly support the systematic management of risks.

Granite provides a systematic framework to risk management. Transparency, a guided process, the clear assignment of responsibility for measures and a better information flow enable the development of risk management and a dynamic approach.

Annina Nääppä, Risk Manager, City of Tampere

Risk management does not only mean the tools or systems used for risk management. In the operations of the City of Tampere, it meant a comprehensive change of approach.

The goal of the City of Tampere’s risk management was to create a process in which risk management is a development tool that can be used to identify, prioritise and systematically monitor management and development measures related to strategic goals.

The city wanted risk data to be more consistent, uniform and up-to-date for use in development and decision-making.
When the risk management process is consistently managed and reviewed, risk management can be developed into concrete measures, instead of it being an Excel exercise done once a year and then ignored for the rest of the year.

Changing the operating model of risk management requires the organisation to have the right mindset and resources, but also training and monitoring. The selected tools must support the process and adapt to the goals of the operations. The City of Tampere wanted to implement its risk management throughout the organisation and chose Granite’s customised risk tools as its system.

City of Tampere – concrete risk management with Granite

With appropriate tools, risk management can be conducted proactively as part of business planning rather than reactively. The development of risk management at the City of Tampere has not been a straightforward operation, but it has required specifications to be made and responsibilities to be assigned.

The ease of use of the risk management system is important for the practical implementation of risk management, but no risk tool does risk management on behalf of the organisation.

However, Granite’s visual reporting features highlight the bottlenecks in risk management and enable the development of risk data and risk management expertise. With Granite, the city has been able to update the risk profiles to reflect the situation as it is. This enables informed decision-making and brings efficiency to the implementation of the city’s strategy. Risk management implemented across the entire organisation enables the realisation of the strategy and supports the development of a resilient city organisation.

Read more on how we have helped other customers from the public sector and see if we’re a right fit for you as well!

Artikkeli City of Tampere — Strategic risk management julkaistiin ensimmäisen kerran Granite.

The Heart Hospital employs more than 700 professionals specialised in the treatment of cardiac conditions, about 100 of whom are doctors. The multidisciplinary expertise of the Heart Hospital’s personnel ensures a seamless, reliable and safe treatment experience for the patient.

Granite has brought a systematic approach to our risk management.

Timo Porkkala, Anaesthesiology and Intensive Care Service Manager, Chief Medical Officer

Risk management is a critical tool in knowledge-based management that enables goals to be put into practice.
At the core of the Heart Hospital’s operations and development is the patient, with a seamless, timely and effective care pathway as the starting point. Identifying and assessing risks is, in principle, an important part of the work carried out at the Heart Hospital, and the safety of both patients and personnel is systematically developed.
The Heart Hospital’s risk management focuses on the processes related to the patient’s care pathway, through which the entire Group’s operations are reviewed. This work is already guided by legislation and regulations, but also by the Group’s own qualitative objectives.
The Heart Hospital used to have Excel as its risk management tool, but it was not sufficient to achieve the goals set for quality and risk management. There was a need for an appropriate alternative to the rigid risk register, which was difficult to use and maintain, and the Heart Hospital chose Granite’s risk management and safety tools for its risk management.

Modern risk management requires appropriate tools.

Anne Iisakka, Head of Safety and Risk Management

The hospital is a traditional operating environment, and the development of risk management requires clarification of whose responsibility risk management is. Hospital work takes place in a demanding work environment, and misjudgements can have critical consequences. Therefore, decisions and choices must be based on knowledge. Systematic risk management methods enable important information to be collected as accurately, consistently and uniformly as possible.
Risk management and safety at the Heart Hospital are thought of as a whole. The core work is carried out by an agile team of specialists, who report on the risk situation of risk management to the management level, but who are also responsible for the practical implementation of risk management.

Granite has brought visibility to the actual status of risks.

Timo Porkkala, Anaesthesiology and Intensive Care Service Manager, Chief Medical Officer

The Heart Hospital’s senior management has adopted the principles of risk management, and the development of risk management is regularly reviewed, especially with regard to strategic risks. At the level of the everyday work of the Heart Hospital, which is the closest to patient work, the situation of the hazards and risks of the work is assessed.

In hospital work, risks are always present and everyone has to consider the risks in their work. It is, therefore, important for risk management that the risks identified in practical work are recorded and made visible so that they can be effectively controlled. With Granite’s risk management tools, the Heart Hospital has adopted a more systematic approach to risk management, which enables a more effective response. Information related to risks and risk management is also largely communicated through Granite. This way, it can be monitored.

The development of risk management and safety is not a simple matter that takes place on its own. The attitude, particularly that of management, determines how risk management is implemented in practice. The Heart Hospital is committed to developing its operations and decision-making, and risk management supports this. The ISO 15224 certificate granted to the Heart Hospital also guides the implementation of standardised risk management.

RiskienThe unique needs of risk management require solutions that support them.

Timo Porkkala, Anaesthesiology and Intensive Care Service Manager, Chief Medical Officer

No operating environment is static, but change is constant. Risk management will never be fully completed, and the safety situation will evolve over time. Therefore, the development of risk management and safety at the Heart Hospital requires active monitoring and resources for response. Determined work has improved the maturity of risk management at the Heart Hospital, but at the same time it has brought to light new issues that need to be taken into account. When risk management is put into practice and implemented as part of everyday operations, both the provision of information and training play a crucial role. Appropriate risk management tools make risk management transparent and highlight the identified risks, but at the same time the monitoring tools guide the personnel’s risk competence.

As a result of the risk management work carried out, the risk management needs of the Heart Hospital have increased, evolved and changed. Granite’s customised risk management tools have enabled the development and fine-tuning of the risk management framework. It is, therefore, important for evolving risk management that the tools adapt to the needs and goals of users, not the other way around.

Tays Heart Hospital – risk management with Granite

The benefits of risk management in a modern operating environment are indisputable, but the solutions to its challenges may not be as clear-cut. The risk situation cannot be changed overnight. Risk management cannot be developed using traditional Excel methods or Granite’s risk management software if the organisation does not have the right attitude and a goal-oriented approach to risk management.

In the world of health care, organisations are large and operations multidimensional, which is why the risk situation is constantly changing and evolving. Therefore, risk management and the solutions supporting it must be flexible and allow for a response to changes.

Risk management is worth the effort in the hospital world, too. Systematic and consistent risk management results in the creation of a responsive, results-producing organisation that is able to channel the necessary resources to where they are needed.

Granite has provided the Heart Hospital with a risk management software package that has been adapted to support the evolving needs of its operations. When done properly and intentionally, risk management builds maturity, which will carry far into the future in operational activities and enable the realisation of strategic goals.

Read more on how we have helped other customers from the Healthcare sector and see if we’re a right fit for you as well!

Artikkeli Tays Heart Hospital – systematic risk management julkaistiin ensimmäisen kerran Granite.