Is it reasonably foreseeable? A guide for legal and compliance professionals on how to run a risk workshop

Feb 21, 2024

Untold Compliance Donoghue v Stevenson

The Preframe: What’s coming up in the article

This edition of the Untold Compliance article is dedicated to RISK

The word risk can be traced back to the Latin word resecum (meaning the one that cuts). This was a nautical expression used to define the cliffs which threatened the ships and any danger to sailors and naval trades.  Since this origin, Risk has had many definitions, been used in many different industries and spanned many decades.

It’s also a concept that the legal profession has been talking about for almost 100 years (I explain why below). But ask us to run a risk workshop and it can seem daunting if we don’t have prior experience. That’s why in this letter I seek to do three things:

  1. explain why I believe that the concept of risk, as we know if today, was born out of an English case in the 1930s
  2. demystify risk workshops for legal and compliance professionals. I go through the traditional approach as well as the not so talked about issues that we also need to consider.
  3. uncover the hidden risk that is most overlooked that we need to consider when running risk workshops, backed up by the amazing work of a leading psychologist.

But before I go through this, I start with my first encounter with risk and why I believe the legal profession first developed this concept through a case about a snail and ginger beer.

 

What you will learn in this article:

  1. How legal started the risk profession

  2. What it means to facilitate a risk workshop

  3. What underpins any risk workshop

  4. The role of a facilitator

How legal started the risk profession

I’m 18 years old and walk into an enormous lecture theatre in Leeds (the north of England), as old style as you get, with a 70-year-old lecturer standing at the front with a pile of notes and a whiteboard behind him. I was late and my only seat was perched right at the back of the theatre.

It’s week one and I am in Tort 101 studying negligence. It was in this lecture with a notebook and pen scrappily strewn across my lap, that I was introduced to a name on the whiteboard that I will never forget, and which was probably where I fell in love with law.

Donoghue v Stevenson (1932). The “snail in the bottle” case. Bear with me for a few sentences if you will so I can tell the tale of poor Mrs Donoghue.

In short, Mrs. Donoghue fell ill after drinking ginger beer that contained a decomposed snail, purchased from a cafe in Paisley, Scotland. Mrs. Donoghue had consumed it without realizing its contents. As a result of drinking the contaminated beverage, she suffered severe gastroenteritis.

She did not take this lightly and sued the manufacturer of the ginger beer, David Stevenson, claiming he had negligently allowed the snail to enter the bottle during the bottling process.

The case eventually made its way to the House of Lords who ruled in favour of Mrs. Donoghue. In his ruling Lord Atkins famously stated that individuals must “take reasonable care to avoid acts or omissions which you can reasonably foresee would be likely to injure your neighbour.” This became known as the “neighbour principle”.

Little did I know but this was the ultimate lesson in the concept of risk identification through the lens of reasonable foreseeability. Should a reasonable person (with similar knowledge and circumstances) anticipate or reasonably predict the potential consequences of actions or decisions. In other words, what’s the risk?

I was hooked! And I was never late for this class again.

Then the DOJ followed

40 years later in 2023, the U.S. Department of Justice Evaluation of Corporate Compliance Programs asks us to consider

“…whether [our] program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or permitting employees to engage in misconduct.”

In other words, is the wrongdoing reasonably foreseeable and have we prevented it or are we encouraging it?

What it means to facilitate a risk workshop

Risk is not a scary word. I have watched it go from being a misunderstood word, to an avoided work, to a word that is part of the general hygiene of an organisation and project.

Risk was not an official part of the Legal qualification 25 years ago (instead it was disguised in case law). However, 20 or so years later, when I completed my Legal Practice Management Course at the College of Law, risk management was a key part of the course.

I now use risk assessments in all my projects, from introducing a whistleblowing program, to rolling out a training strategy to rolling out a new policy. Risk workshops with multiple stakeholders are an invaluable tool to bring everyone together to collectively utilise diverse skills and perspectives, agree objectives and identify what could get in the way of achieving those objectives

But here’s the thing, I do not, regard myself as a risk professional. I regard myself as a legal and compliance engagement professional. Someone who uses creativity to help engage people to participate in legal and compliance initiatives.

The point is that risk is no longer limited to risk professionals but is a part of all our roles in legal and compliance.  That means we need to get our heads around it and start using it in practice

What underpins any risk workshop?

Whilst often unspoken, it is perhaps the most important part of the risk workshop and underpins many of the risks discussed by participants.

It’s more formidable than even the most powerful of computers. It’s what can process huge quantities of information and translate them back to the control centre in a nano second.

What is it? It’s the millions of little things that make up a person. It’s our subconscious, which contains all the stored information about everything we have ever experienced. It influences how we react to things and the decisions we make about things.

It’s why our decisions are not simply made up of the logical reasoning we think they are. For example, why you are reading this article? It’s not just because it makes logical sense, as you consciously think. You are, in fact, reading it because of every belief, value, memory you have ever had.

And if that’s something that you believe or can relate to consciously, then you will perhaps agree that it also influences every part of human behaviour and life, including decisions and information about risk and compliance.

If you need further persuasion, check out the work of Professor Adrian Wells, a prominent British clinical psychologist known for his research on cognitive models and cognitive therapy for anxiety disorders.

He developed the metacognitive model of psychological disorders, which proposes that it is not the content of thoughts but rather the individual’s beliefs and processes about their thoughts that contribute to psychological distress. According to this model, beliefs, such as rumination, worry, and threat monitoring, play a crucial role in perpetuating and exacerbating mental health problems. It’s the same when it comes to risk. There will always be beliefs and ways that we think that influence our thought and therefore influence our behaviour.

Because I am as passionate about risk and compliance as I am about art and behavioural science, I wanted to share my thoughts and experience about how to use behavioural science and our subconscious when it comes to facilitating risk workshops.

The risk workshop decision

Welcome to the decision and persuasion stage. Why do you need a risk workshop?

Why not just send round a risk register and ask for it to be updated?

Here’s the logical reasons:

  1. A risk workshop provides participants with a holistic view of the business, allowing them to gain insight beyond their immediate surroundings.
  2. By leveraging diverse perspectives and expertise from various departments, gaps in risk identification can be identified and mitigated, fostering ownership of risk among multidisciplinary teams.
  3. Knowledge is power in risk management. The greater our understanding, the better equipped we are to anticipate and address potential challenges. By tapping into collective intelligence, we enhance our capacity to predict outcomes and ensure success.

And here’s the non-logical but equally important reasons:

  1. Risk identification extends beyond the obvious hazards to encompass potential blind spots. The ones we haven’t thought of.
  2. Collaborative perspectives are invaluable, offering insights and viewpoints we may have overlooked on our own. We can’t do it alone.
  3. Engaging others is essential, particularly when addressing risks or proposing solutions that may face resistance within the organization. A well-facilitated group setting fosters open dialogue and facilitates challenging conversations.

The role of a facilitator

It starts with understanding that we are not here to uncover what people already know or can anticipate; we are here to help others uncover what is beneath the surface. To consider what may be reasonably foreseeable.

That’s why our role is about helping participants to see into the future without a set idea of what that future looks like. It’s about bringing together a group of people to collectively produce something that would not be possible if they worked alone.

Let’s consider the traditional role of a facilitator in a risk workshop:

  1. lead participants through a process of group knowledge capturing
  2. ensure that the group captures all relevant risks and management of these risks
  3. be objective and focus on ways that the group can work together to achieve the objectives
  4. set and agree agenda
  5. seek feedback

Now, let’s consider what the role really is if we focus on supporting people through their subconscious thoughts:

  1. be a guide when they lose their way
  2. motivate people to speak and keep people engaged
  3. manage people’s emotions
  4. read people (even if you are holding the workshop virtually)
  5. see what’s really going on

These last 5 parts of the role require attention to micro pieces of information that you would miss if you weren’t searching for them. It’s looking for non-verbal cues. This might include tone or pitch of voice, movements, eye contact or lack of it and your own intuition.

These non-verbal cues can, however, be supplemented through a little bit of research and the first stage of the risk workshop, what I call the pre workshop.

In fact, I have three stages of the workshop:

  • Stage 1: The pre workshop communications, principles and review
  • Stage 2: the workshop
  • Stage 3: the post workshop

The Postframe

I have put together a guide, setting out the three stages of the workshop, which include

  • Principles to share with workshop participants
  • A guide to a pre-session presentation and what to include
  • The elements of the risk workshop
  • Tips and Tools for Successful Facilitation If you want a copy, please just DM me or add a comment in the messages.

A warning about the guide

This guide diverges from typical facilitation and risk workshop guidance.

From the decision to run a workshop to its conclusion, I offer insights from the facilitator’s perspective and tools (including suggested principles and pre-facilitation slide layout or word document) that you can use within your organisation.

This guide does not delve into building assessment and response plans, extracting lessons learned, or creating standardized risk identification approaches. Instead, it centres on facilitation techniques to maximize workshop outcomes.

Over to you

  • Learn the art of the Reframe, Preframe, and Post-frame: Attend my complimentary Frame Training Method™ workshop. It is on weekly each Tuesday or Wednesday (depending on where you live). Register below to get details of weekly sessions and to get on the list for future sessions. CPD points will be awarded.

 

 

Thanks for reading

Nicole