Security Staff Acquisition & Development

Use Crowdsourcing to Identify Risks from the Whole Workforce

Steve Shapiro
Steve Shapiro

Identifying the most critical risks facing a big company can be difficult. New issues pop up constantly, new trends and fields of study that most executives have barely heard of suddenly pose significant risks (think how much of a threat ransomware was considered to be, even just a few years ago) and, of course, the infamous “black swans” – events with severe implications that are far more likely than conventional wisdom holds them to be – are only a heartbeat away.

But a firm’s employees can provide an unexpected source of knowledge and expertise. This approach may already be familiar to some ERM teams that survey executives and managers to uncover top enterprise risks. However, to leave no stone unturned and truly exploit the wisdom of crowds, risk teams should consider expanding this method to include other employees. Not only does this give them a better picture of the risk landscape, it’s a simple way to boost employee engagement and can serve as a springboard towards developing an enterprise-wide risk culture.

Before risk teams start interrogating the workforce, however, it pays to take note of the challenges that often accompany crowdsourcing efforts. One industrial firm in CEB’s networks discovered these impediments when it encouraged employees to submit new ideas. The company identified five barriers and developed solutions for each (see chart 1).


Chart 1: Five barriers to getting good ideas from employees  Source: CEB analysis


Three Ways to Start Crowdsourcing

Above all else, one of the best ways to encourage employee participation in crowdsourcing is to make it fun. Setting up games, offering rewards, and providing the right kinds of recognition all engage employees with the process. Three companies provide some good examples of how to use crowdsourcing to uncover risks.

1. Best Buy’s prediction markets: Electronics retail giant Best Buy wanted a way to track possible risks that could derail top projects. The company was afraid that using a calendar-based risk assessment process would leave them slow to respond to any new developments. So instead, they created prediction markets to provide real-time feedback and continuously evaluate potential risks.

The company started by inviting employees to participate in the markets and supplied them with “virtual credits” that they could use to bet on the success or failure of certain projects. If a project’s stock price dipped below a pre-determined threshold then it triggered an evaluation by the risk team.

At the end of the trading period, Best Buy rewarded the ten traders who showed the highest growth in their market portfolios.

2. ADP’s online bracket tournament: Payroll company ADP has to deal with a lot of digital risks. The company currently competes with over 2,000 start-ups, according to its chief technology officer Stuart Stackman in an interview with CXO Talk last July.

To stay on top of all these threats, ADP’s enterprise risk management and strategy teams host a tournament of ideas for the company’s employees. The chief strategy officer records a video sent out to employees outlining the company’s goals and invites them to submit their ideas about the digital risks and opportunities the company should look out for.

The employee-identified ideas then face off in a bracket-style tournament (such as a tennis grand slam) where employees vote to decide the winner in each match-up based on what they think is the most interesting and valuable digital trend. The winning employee gets to make another video and present his/her idea to the company.

3. Black swan hunts: After the financial crisis in 2008-2009, a large bank in CEB’s networks wanted to get better at identifying possible black swans, which it defined as high-impact, low-probability events. The risk team turned to employees to help them hunt for these swans.

The team first recruited volunteers by sending out a company-wide email. The participants then gathered for “swan hunting” sessions to discuss possible events and share ideas in smaller groups. Once swans were identified, the company showcased the results in a “swan expo,” and highlighted the most innovative swans. The employees who came up with the ideas were also invited to present their thoughts to senior executives.

Not only was the company able to identify a large number of high-impact risk events, but it also provided employees with a common language for communicating about risk. As one manager stated, “The swan sessions have dramatically increased the amount of informal dialogue among employees about risk.” In other words, by using crowdsourcing, the company was able to kill two birds with one stone.


Steve Shapiro is a newsdesk analyst at CEB, now Gartner. Read more blogs from the firm here.

Sponsored by CEB, now Gartner

Leaders at more than 10,000 organizations worldwide rely on CEB services to harness their untapped potential and grow. Now offered by Gartner, CEB best practices and technology solutions equip customers with the intelligence to effectively manage talent, customers, and operations. More at www.gartner.com/ceb.

You can skip this ad in 5 seconds