What does good look like? Embedded Risk Management


Risk management is a team game

There are a lot of elements that must come together to make an effective risk management program. The tone from the top, regular and clear communications with team members, training, engagement & involvement in the risk management process and solid linking with strategic planning activities are just some key elements.

Assuming that it all comes together, what features would we expect a well-established and embedded risk management program to have?

Firstly, there would be clarity about what risk the business can tolerate and what it needs to do to manage this risk. This wouldn't be confined to the boardroom or the risk department, but would be understood by the entire team.

Secondly, armed with this awareness, there would be an expectation that staff would proactively think about risk and respond appropriately and in a timely manner. First line of defence participation and ownership would be high.

Next, in this environment there would be an expectation of a disciplined and structured approach to risk: everybody would know their responsibilities for risk management, enabling a coordinated and effective response to risk.

All of the above should lead to what many would call a risk aware culture.

The Risk Management Process

[Diagram: Risk Management Process]

*Source: Based on CAN/CSA-ISO 31000-10, Risk Management – Principles and Guidelines, International Standards Organization/Canadian Standards Association, 2009

The above diagram is from the ISO 31000 standard. In future posts we'll talk about each of the elements in turn, but for now, assuming an organisation had adopted this approach to risk management, we would expect to see certain attributes:

  • future focussed - anticipate and manage uncertainty

  • transparent - open dialogue with stakeholders about risks

  • constructive - as much about realising opportunities as mitigating threats

  • consistent & comprehensive - uniformly applied across all business units

  • strategic - drive RM process by aligning with business objectives

  • reflective - maintain a healthy unease by regularly evaluating the process

  • agile - adaptive to the business as it grows and evolves

Imagine the benefits that would flow to an organisation that was able to get this right. It takes an investment of time and resources but most importantly, leadership from the very top.

Some organisations seem to manage their risk with ease, some do a great job at one element (e.g. safety) and are not so good at the rest. Others are yet to formally start the journey to realising the benefits of good risk management. Whatever stage of the risk journey your organisation is at, it's worth continuing the conversation.

Next time, we'll discuss the first component of the process - Establish Context.
