“Today, risks don’t fit into easy categories or emerge from a pre-determined place. They assault from all sides. It may surprise you to know that at least half of all corporate crises are caused by senior management action rather than external forces. I firmly believe that the most successful, least crisis-prone businesses will be those whose boards have shown firm resolve and taken decisive action. Effective, integrated strategies for dealing with tomorrow’s risks require a change in culture at board level now.”
So said Lord Peter Levene, who hit the nail on the head when he spoke at the World Affairs Council. His comments resonate because they capture the essence of the challenge in risk management. Firstly, there are predictable and unpredictable risks, with the latter the most difficult to manage. Secondly, management often contribute greatly to risk failures through ignorance or poor judgement. Thirdly, an integrated enterprise approach is needed. Lastly, it is the role of directors to ultimately take responsibility and show leadership for risk management.
At Compliance Australia our perspective is that every business decision involves risk taking. The challenge is to make such decisions in an informed manner to ensure maximum benefit and “no surprises”. While the term Enterprise Risk is now in common usage, in our experience very few organisations have a genuine enterprise-wide risk system, while many have no system of risk assessment or management at all.
While there are a number of risk guidelines and standards, there is very little practical guidance for directors who need to respond to the strategic risk oversight challenge. At Compliance Australia we have distilled the many reference points into a diagnostic program designed to assist with the identification and management of risk at both a strategic and operational level. The program commences with a series of interviews with internal and external stakeholders, which leads to a risk register outlining the raw risks. We then work through those risks to assist directors and senior management to determine their risk appetite for each significant risk. Once the risk appetite is agreed, we work with key internal stakeholders within the business to implement risk mitigation and management procedures to meet the agreed appetite. Finally, we establish risk monitoring and reporting procedures to ensure that the risks are being managed as intended going forward.
Of course, this is a very potted summary of a complex issue. To find out more about our Risk Management Consulting Services please call Greg Goodman on 0411 825 458.