Risk management is about more than avoiding bad things

Effective risk management is more important now than ever. It is more than a tick box and needs to continually evolve.

Risk has moved more sharply into focus in the organisational psyche. Objective risk analysis and management has changed through the efforts of many professionals, including accountants, and has influenced how we perceive, frame and oversee risk in the boardroom.

Building a risk management culture

Risk management is a matter of culture, rather than rules and regulations. It requires leadership and needs to be approached with a mindset of “achieving business objectives”, rather than “avoiding bad things”. Strong risk cultures share certain traits: they acknowledge risk (as threats and opportunities), discuss risk internally, and encourage transparency. The best cultures actively seek information and insights. A healthy culture – along with strong governance and effective management – creates true safeguards as many risks result from human behaviour.

Financial crises and scandals have underlined how easily weak controls can lead to misconduct, corruption and criminal practices. Risk management failure is widely regarded as one of the major contributors to the 2008 global financial crisis. Failures like these wreak financial and reputational damage on organisations and the wider community.

The good news is that the current environment of uncertainty caused by the global pandemic has led many leaders to rethink organisational priorities. Risk is now front-of-mind for boards. Those charged with governance must make time to reflect on risk management practices to ensure they are fit for purpose. Lessons should be used to reshape risk management as a tool to help organisations “thrive” rather than simply “survive”. Boards aiming to achieve more than their standard oversight obligations must dig deeper. They must assess the quality of their risk management as the cornerstone of their value-add as directors.

It all starts with the board’s risk appetite. Culture, processes and structures must take advantage of potential opportunities while managing potential threats. Boards must set the risk appetite of the organisation and then ensure an adequate framework is in place to identify, manage and monitor risks. Defining and documenting risk appetite supports the development of a good risk culture. It must be aligned to and support the purpose of the organisation.

Designing an effective framework

 

Boards should consider if the organisation needs to invest in technology-based tools to oversee and report on risks. Larger organisations might also establish a risk management committee. This can be an effective way to deliver the transparency, focus and independent judgement needed to oversee the organisation’s risk management framework. If a committee isn’t already in place, boards should assess the potential benefits of one.

Establishing an internal audit function is also an important consideration in an effective risk management framework. Internal audit can provide valuable assurance that key risk mitigation strategies, including internal controls, are operating effectively. A forward-looking internal audit can also provide insights into how to improve the effectiveness of the organisation’s risk management framework and improve overall performance.

Organisations with a clear line of sight over emerging issues – from board level down – have fared better during the early stages of the pandemic. While many risks are external to an organisation and often out of its control, there are important decisions to be made on exactly how risk is managed and how responses are communicated. A cohesive, integrated approach is crucial to ensure responsibilities and accountabilities are clearly defined and understood.

Well-designed risk management frameworks and governance can reduce operational losses, build stakeholder confidence, and help organisations to achieve long-term strategic and financial goals. The effective design and implementation of a fit-for-purpose framework and appropriate governance structure can be harder than it sounds but engaging independent expertise can assist. Contact a Synectic adviser to discuss how we can support you.

Need some help?