As leader of your division or company, could the statement below be a vision for your risk management strategy?
As leader, my vision for risk management is that all key risks to the achievement of our strategic and business plan objectives are identified, managed to within acceptable levels and considered in management of the business.
To achieve this, we will create an environment where attention to risk is embedded into our culture, planning, decision making and business-as-usual activities.
This change will not happen overnight but will begin with making risk a part of everyday management, supported by simple management information.
We will move beyond risk being a boxed ticked to satisfy the governance committee and the organisation will transition to being risk-led.
If so, excellent!
Digital transformation is about the leadership needed to make bold but necessary changes in organisational structure and process and in embedded behaviours, whilst being enabled by technology. Making the consideration of risk an everyday part of business operations is a key step in the right direction.
What does it mean to be risk led?
- Risk management is not a separate activity, and it is not about managing risks. It is about managing the organisation – setting your objectives, making commitments, and managing your company or division’s performance with the threats and opportunities that affect these outcomes uppermost in mind.
- Your leaders make decisions with consideration of backward-looking performance, current situational awareness, and future uncertainty.
- Meaningful information is generated to support decision-making. Information can be used at the right time by the right people, to inform on both internal and external matters.
- Where you decide to respond to risks, the responses become part of the plan.
We can move into an uncertain future with confidence
A confident response
To generate this confidence, we can help you follow several core principles. Your management of risk will be “PACED”:
- Proportionate – Your efforts to manage and respond to risk will be proportionate to the type and level of risk in each part of your organisation, with consideration of what threat is tolerable. We will help you adopt an approach that puts effectiveness at the heart of risk management, recording and clearly communicating a manageable number of genuine, significant risks and committing to execute effective responses. This will be led by your C-suite, or C-1, who will identify and respond to the principal risks of the business in a manner that acts as a force multiplier for all activities in the organisation.
- Aligned – Risk management will be aligned and integrated with your other management processes and systems. Risks will be considered in the context of your objectives and outputs. We will ensure that our practice is also aligned to your policy to provide assurance to stakeholders.
- Comprehensive – We will help you apply formal risk management in all areas of your enterprise.
- Embedded – Risk management is not a separate activity and must be embedded as part of the governance and decision-making activity in all areas of your organisation. With our initial guidance, risks will be managed in the context of your strategic and business plan objectives.
- Dynamic – As a key decision-making enabler, risk information will be refreshed regularly and reported upon. Escalation when needed must be timely, accurate and provide coverage of the key risks to support relevant decisions.
Once you are comfortable with your risk strategy, as above, you can get into more detail:
- Risk Identification
- Risk Evaluation
- Risk Treating
- Risk Monitoring, Reporting and Escalation.
Get in touch