Risky business: Why are businesses shy talking about risk?

March 23, 2018

By James Bradley

Risk isn’t a dirty word, but from the way businesses avoid mentioning it, it ranks right up there with the worst of them. Risk governs the way most organisations operate and no more so than in the FM space: financial risk, operational risk and reputational risk are all impacted by facilities management, and particularly the delivery of hard FM.

But many organisations choose to bury their heads in the sand and focus on the other things. At a recent BIFM Leaders Forum around the topic of Hard FM compliance, sponsored by Churchill Compliance, one participant reported that a client was more worried about engineers having tattoos rather than the risk of non-compliance with legislation.

While a heavily-inked engineer in the reception area of a swish legal firm might not be want the client expects, the impact is likely to be relatively limited. A huge fine, buildings being closed and your organisation’s name being splashed across the headlines because your non-compliance killed people in a building will have a much greater impact. Just look at the experience of Barrow-in-Furness council in 2002 whose arts centre was non-compliant with legionella laws which resulted in the deaths of seven people, 172 people contracting Legionnaires Disease and a highly-publicised trial of both the council and the architect which lasted several years. Would anyone have minded if a legionella testing engineer had had a few tattoos?

While some organisations choose to outsource their facilities management, they cannot outsource risk (however much they might want to). As I said in a previous blog, the reality is that if something goes wrong, it will be the client organisation which bears the brunt. Not just of any financial penalty, but also the reputational damage if the transgression becomes public knowledge. And that’s without any lapse in compliance having caused damage to property or, worst still, people. A Business might think they outsource risk when they outsource their hard FM compliance, but the reality is that they will suffer if it’s not done properly.

They remain the duty holder and the organisation responsible for being compliant. This means they must be aware of the relevant regulations in the FM space, just as they are aware of employment law applicable to their colleagues, or the laws governing their particular area of business.

Nobody expects a client organisation to have an in-depth knowledge of hard FM compliance – after all that’s the job for the service provider, and it can be challenging even for them. But they should have a general understanding of what compliant looks like (or hire a consultant to do it for them) and ask their service provider for complete compliance transparency.

I urge businesses to ensure they have an understanding and transparent view of their risks. And to be prepared to ask the difficult questions, to have the awkward conversations, and to put their service provider on the spot to demonstrate compliance. We need to be bold enough to talk about the R word.