Disruption is the new normal. Our world, and business in particular, is changing at an unprecedented rate. With this comes uncertainty. Simply put, risk is the effect of this uncertainty on your objectives. So it stands to reason that chasing down those objectives without a systematic and robust approach to managing risk is like crossing the road with your eyes closed.
Tackling these nine fundamental questions will help all directors and senior executives better understand how risks are managed across their organisations. They shine a light on the link between objectives and risk, and dismiss the misconception that risk management is a tick-box exercise.
How established is your approach to risk management?
A robust framework is dependent on a clear understanding of where your risk management efforts are now, and what changes are needed.
Have you defined your appetite for risk?
You have to know your limits. Setting a clear risk appetite provides a line in the sand when assessing risk.
Do clear roles and responsibilities exist?
Responsibility for risk management should exist across the business, at all levels. Clear expectations are needed to ensure that efforts are aligned.
Is your assessment of risk driven by your strategy?
Are your risks clearly linked to your strategy and objectives?
Does your risk management framework consider threats and opportunities?
The traditional view of risk management is rather pessimistic, focussing only on threats or ‘downside’ risks. To be truly holistic, your framework should focus on opportunities or ‘upside’ risks as well.
Is your approach to risk scoring customised, and fit-for-purpose?
To be truly meaningful, the way in which you assess risk must be in context of your business and aligned with your risk appetite.
How effective are your existing controls?
Achieving effective control over your risks is essential. In order to do this, you must have a clear picture of what those controls are, how well they’re designed, and how they operate in practice.
Do you know what assurances you do, and (critically) don’t, have access to?
Knowing your risks is important. Knowing your controls is essential. Knowing if they’re effective is critical.
Does your risk management framework inform decision making?
Directors and senior executives should receive regular and timely information on risk that facilitates informed decision making.
For more information contact Tarunesh Singh