While increasing awareness of risk is extremely important in terms of creating a risk culture within an organisation, having a greater awareness of risk does not necessarily mean that organisations fully understand the risks affecting their business.
A greater understanding of riskHaving worked with large organisations from a number of regulated industries, we have seen that organisations need two crucial ingredients to better understand and effectively manage risk:
- How much the Board is invested in managing risk
- The visibility of risk within the company
If either of these ingredients are missing, even with the best intentions, organisations will struggle to make sense of their risk profile.
Without buy-in from the top, organisation’s often have a tendency to view risk management as an inconvenience and more of a tick box exercise, which overlooks the positive business opportunity that effectively managing risk can offer. To overcome this, those managing risk need to demonstrate to the Board the positive value of risk management rather than the cost of avoiding risk. You must ensure the impact of your risk management strategy is consistently measured to provide evidence of this.
On the other hand, an organisation with low risk visibility can end up spending the majority of its time collating risk information, with very little time left over to mitigate and manage risk. Ideally companies need to spend as little time as possible collating data in order to maintain their focus on risk analysis and mitigation.
Providing access to a central risk register minimises the administration required and removes the visibility barrier. Whilst ensuring that up-to-date risk reports are shared regularly across the business enables risk to be understood in a variety of different contexts. Only then will organisations be able to truly appreciate and understand the potential impact of risks facing the organisation.
Read full article online here (page 3)...