A recent whitepaper published by Protiviti introduces five secrets to help organizations build risk management as an effective and strategic contributor to the success of their business. With the deployment of all five secrets, chief risk officers will be able to advise management when to act or pass on potential great opportunities based on the risks involved. Additionally, the organization’s culture will be aligned with the performance and risk management methodology if the five secrets are applied. The five secrets include:

Integrity to the Discipline

The chances of achieving organizational objectives while protecting enterprise value will be maximized by having a clear grasp on business realities, understanding what “risk” is, tying risk tolerance to performance, and deploying risk management above and beyond compliance activities. A strong tone at the top is essential to define the importance an organization places on risk management and precedes integrity to the discipline. Additionally, integrity must pass through every level and activity within the organization in relation to risk management.

Constructive Board Engagement

Board members must be actively engaged and able to exercise judgment as to the changing risk profile in relation to the organization’s performance objectives. Through the risk oversight process, the board should:

  • Obtain an understanding of the risks inherent in the corporate strategy,
  • Be familiar with the risk appetite of management in executing the strategy,
  • Access objective information about the critical assumptions in the strategy,
  • Be alert for behavior that can lead to excessive risk taking, and
  • Provide input to management regarding critical risk issues in a timely manner.

Effective Risk Positioning

Knowledgeable professionals must be responsible for executing effective risk management programs by taking an objective perspective without consequences to their compensation and careers. An effective organizational structure should be established to enable collaboration between risk professionals and management, leading to a risk culture desired by the board of directors.

Establish a Learning Curve

Mistakes must be acted upon, shared, and discussed across the company, rather than hidden, in order to learn and improve policies and processes. Additionally, lessons learned by others external to the organization provide opportunities for chief risk officers (CRO) to apply the circumstances to their own organization. Risk management should be linked to daily activities and embraced as part of the agenda for important meetings.

Set Appropriate Incentives

Incentives should be used to recognize individuals, departments, and the enterprise for enhanced risk awareness behavior in pursuit of goals and objectives. Incentives should also be reviewed to ensure they do not encourage behavior that results in unacceptable risk-taking. For incentive compensation plans, it is critical to avoid:

  • Large amounts of cash compensation for short-term activities, without regard for the risks taken or the potential long-term consequences, and
  • Structures that allow management compensation to be significantly out of balance with long-term shareholder returns.

Attention should be placed on incentive compensation structures at the production floor, as well as the executive and upper management level.

Once all five secrets are built into the risk management program, activities that are typically the focus of risk programs, such as policies and frameworks, will fall into place and relationships with regulators can improve. Risk management must be viewed as a strategic contributor to the organization’s success in order for the board’s oversight role and CRO’s role to be fulfilled and relevant. Successful deployment of all five secrets introduced can enable CROs to advise management and the board when to take advantage or pass on potential opportunities in achieving strategic objectives.

Click below to access the whitepaper.

Link: Protiviti

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2010-12-01