Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Leadership and Governance

Five Secrets to Achieve Effective Risk Management

December 1, 2010 3-min. read

A recent whitepaper published by Protiviti introduces five secrets to help organizations build risk management as an effective and strategic contributor to the success of their business. With the deployment of all five secrets, chief risk officers will be able to advise management when to act or pass on potential great opportunities based on the risks involved. Additionally, the organization’s culture will be aligned with the performance and risk management methodology if the five secrets are applied. The five secrets include:

Integrity to the Discipline

The chances of achieving organizational objectives while protecting enterprise value will be maximized by having a clear grasp on business realities, understanding what “risk” is, tying risk tolerance to performance, and deploying risk management above and beyond compliance activities. A strong tone at the top is essential to define the importance an organization places on risk management and precedes integrity to the discipline. Additionally, integrity must pass through every level and activity within the organization in relation to risk management.

Constructive Board Engagement

Board members must be actively engaged and able to exercise judgment as to the changing risk profile in relation to the organization’s performance objectives. Through the risk oversight process, the board should:

  • Obtain an understanding of the risks inherent in the corporate strategy,
  • Be familiar with the risk appetite of management in executing the strategy,
  • Access objective information about the critical assumptions in the strategy,
  • Be alert for behavior that can lead to excessive risk taking, and
  • Provide input to management regarding critical risk issues in a timely manner.

Effective Risk Positioning

Knowledgeable professionals must be responsible for executing effective risk management programs by taking an objective perspective without consequences to their compensation and careers. An effective organizational structure should be established to enable collaboration between risk professionals and management, leading to a risk culture desired by the board of directors.

Establish a Learning Curve

Mistakes must be acted upon, shared, and discussed across the company, rather than hidden, in order to learn and improve policies and processes. Additionally, lessons learned by others external to the organization provide opportunities for chief risk officers (CRO) to apply the circumstances to their own organization. Risk management should be linked to daily activities and embraced as part of the agenda for important meetings.

Set Appropriate Incentives

Incentives should be used to recognize individuals, departments, and the enterprise for enhanced risk awareness behavior in pursuit of goals and objectives. Incentives should also be reviewed to ensure they do not encourage behavior that results in unacceptable risk-taking. For incentive compensation plans, it is critical to avoid:

  • Large amounts of cash compensation for short-term activities, without regard for the risks taken or the potential long-term consequences, and
  • Structures that allow management compensation to be significantly out of balance with long-term shareholder returns.

Attention should be placed on incentive compensation structures at the production floor, as well as the executive and upper management level.

Once all five secrets are built into the risk management program, activities that are typically the focus of risk programs, such as policies and frameworks, will fall into place and relationships with regulators can improve. Risk management must be viewed as a strategic contributor to the organization’s success in order for the board’s oversight role and CRO’s role to be fulfilled and relevant. Successful deployment of all five secrets introduced can enable CROs to advise management and the board when to take advantage or pass on potential opportunities in achieving strategic objectives.

Original whitepaper: 

“The Name of the Game is Risk Secrets of the Winning Hand” by Protiviti

More From Enterprise Risk Management Initiative

photo of woman with e-tablet.

Techniques to Prioritize and Monitor Risks
5 Questions to Identify Potential Risks on the Horizon

Processes to Identify Risks
2024 The State of Risk Oversight Report featured image

2024 The State of Risk Oversight: An Overview of Enterprise Risk Management Practices - 15th Edition