Approach to Risk Management
Applying risk management in an organization is viewed by LEADERS, a select group of companies who have initiated a structured risk management approach, as beneficial and worthwhile. External drivers, such as regulatory compliance and improvement of shareholder confidence, top the list as the greatest perceived benefit. However, the top motivation to implement a risk management process or structure is because it has been requested by the board and/or senior management of the organization. The value associated with reputation preservation and financial benefit are significantly higher than average. The overall viewpoint of LEADERS is that no risk category, such as hazards, financial or strategic, is currently receiving too much attention. Moreover, many believe that the perception of key risks are transforming from operational risks to strategic risks.
Functions Affected by Risk Management
Primary Processes – the chain of activities by which the organization’s products or services are realized; examples include purchasing, product development and marketing.
Operational Support Processes – disciplines that do not directly contribute to the realization of products or services, but are supporting the primary processes; examples include quality assurance and human resource management.
Business Processes – the managerial and administrative functions essential for running the business, such as strategic planning, accounting and legal compliance.
Organizational Levels in Risk Management
Risk management is bound to middle and upper levels in the company: a relevant number of companies indicate it is structurally practiced by the management team (46%), board members (37%) and middle management (40%).
Risk Management Guidance
- *ISO 31000*
- COSO ERM Framework
- EFQM Excellence Model
*Most frequently used*
The Relevance of Risk Management
50% of larger businesses and 33% of smaller businesses acknowledge the importance of risk management; this increases to 52% overall in a three-year projection.
An important driver for risk management implementation is pressure from external and internal regulators. External pressures are only magnified by continually updated standards, such as ISO 2015 and COSO ERM 2017.
Tips for Effective Risk Management:
- It should be an integral part of all organizational processes
- Be systematic, structured and timely
- Be adapted to the organizations’ specific strengths, weaknesses, opportunities and threats
- Be transparent and inclusive for the sake of the board, shareholders and decision-makers