Is your Risk Management up to Scratch?
Since the 2008 financial crisis, boards have come under increasing pressure to assess and manage risk thanks to ever-increasing regulation, worldwide financial instability and media attention to organisations in financial crisis. Without proper risk management, businesses are vulnerable to losses, expense increases, civil and statutory offences, which could lead to fines and other legal complications, and a damaged reputation.
Board members, shareholders and executives know that in order to grow their business, there needs to be a certain element of risk-taking, which means there needs to be a balance between managing risk and adding value. This is why it’s vital that risk awareness is a major part of company culture. Management need to understand risk, and carry out policies and procedures set by the board. Understanding where risk awareness and management is lacking within your organisation will help you to control it.
While management actively manage risk, a board’s role in risk management should be limited to an overseer’s role, which means cultivating a company culture where risk awareness and management is integral. In addition, the board should develop policies and company procedures that management can follow in accordance with the business’s risk appetite and growth strategy.
Reviewing risk management
You should seek out areas within your organisation that might be exposed to risk, or where compliance with best practices are not up to scratch. Review with management areas such as:
- Risk appetite and strategy
- Implementation of procedures and policies
- Roles, responsibilities and expectations
- Communication procedures between all departments including reporting to the board
- Likelihood and impact of risks and mitigating measures
- Reports from independent auditors, legal counsel and other experts regarding potential risks
If risk management is handled by more than one department within your organisation, then it’s imperative that communication is clear between them and that both departments report back to the board on an ongoing basis. This will aid transparency within your organisation. It will encourage a flow of all risk-related information between departments, and will help to reaffirm risk management as part of the business strategy and company culture.
Risk should be assessed by boards on an ongoing basis, but an annual review of risk management policies and practices can help familiarise the board with industry expectations and engage them fully. Part of your annual review can include ways that your organisation can resist external pressures that could increase your risk profile, for example, hedge funds and shareholders, that encourage short term results at the expense of long term goals.
Risk management is fast becoming an increasingly important and challenging part of decision-making at board level. Poor risk management practices can be felt throughout entire organisation, which means risk awareness should be an integral part of your company culture, growth strategy and day-to-day operations. You should seek to anticipate future risks, which can help nip them in the bud before they escalate into something that could be detrimental.
If you’d like more advice on risk management, email us at firstname.lastname@example.org