Risk Health Check: porridge, resilience and the advocacy of the devil
Like Goldilocks and her infamous porridge preference, you need to take just the right amount of risk in pursuit of your strategy. No risk and your strategic goals will forever remain out of reach. Too much risk and you may put yourself out of business!
How will your approach to risk be viewed when the regulator or auditors come calling? And how will you cope if a key supplier or contractor suddenly “goes under”? Have you proactively made contingencies or will you have to reactively struggle to cope?
Moving from “fragmented” to “strategic” risk management
An appropriately populated, regularly reviewed risk register is a good first step, but it is not the end of the journey to being truly resilient as an organisation. To really embed risk management and develop a resilient organisation, one more able to cope with a perfect storm of risk events rather than simply one with a spreadsheet of risks, you need to ensure that:
- From the top down you understand your risk appetite and set the tone for how your organisation governs and addresses risk.
- Your executive has the understanding, culture, frameworks, policies and reporting in place to effectively manage and monitor risk.
- All business units and functions are involved in identifying their risks, assessing them and determining the appropriate response.
So, if you had to mark on the line below where your organisation is on its “risk journey”, right now, where would you put it?
If you marked anywhere to the left of “strategic” you might need some help from the devil’s advocate.
Playing the devil’s advocate
Sometimes you need someone to challenge you and gently ask the hard questions you may not be willing, or have the time, to ask yourself.
Someone who can:
- Review your risks – Are they complete? Understandable? Appropriate? What causes each risk to arise, and what are the consequences?
- Assess your controls – Are they comprehensive? Will they truly mitigate the risks? If not, what actions are required? How will you manage them?
- Ensure that you are getting the most out of your risk system – the Clearview risk software has developed significantly over the last year and there are many options and flexible ways of using it. Is your approach to risk still the best fit for the current external and internal environments?
- Check your governance process – to ensure that your Audit & Risk committees can be assured and have confidence in your overall approach to risk.
So if you want to ensure that you have good governance, good practices and an overarching framework in place to help you with your risks, then please get in touch and let's see how we can help.