In this second of two blogs, we conclude our look at the five principles that organisations are using to create a risk- and opportunity-aware culture successfully.
By Junita van der Colff, Manager: Advisory at ContinuitySA
Set and communicate clear strategic objectives. If the staff does not understand where the organisation is headed, they will be unable to help identify relevant risks and opportunities. Also, if staff understand what the strategic direction and objectives are, they are more likely to act in ways that add value.
Ensure that the whole organisation takes responsibility for risk and opportunity management. The conventional view is that the risk manager owns the risk, and is thus responsible if anything goes wrong. This is clearly incorrect—no one person would be able to identify all the risks and opportunities facing a company. Rather, the risk management function’s responsibility is to provide the platform, tools and framework to identify and manage risk, and to identify opportunity. Risk managers thus have to adopt a leadership role, and act as change agents, while the identifying and managing both risk and opportunity becomes the responsibility of every staff member.
Set the organisation’s risk appetite and communicate it. Many organisations keep a risk register complete with risk ratings, but have not established what their overall risk appetite is. I believe this should be the starting point, because without this general guidance, it will not be possible to rate or prioritise risks.
Just as important is the communication of the organisation’s tolerance for each type of risk. For example, I find that few organisations have any tolerance for reputational risk these days. Communicating this effectively will help ensure that staff think twice before posting anything on social media that could impact the organisation’s reputation.
Keep it sweet and simple. In my experience, organisations over-complicate their enterprise risk management programmes. If one focuses on quality rather than quantity, staff are more likely to understand the value that the programme adds, and to participate—thus increasing the chance of success.
Integrate risk and opportunity management into business as usual. Staff members are identifying risks and opportunities in the normal course of their work, often without being aware of it. By making them conscious of how important it is to be aware of risks and opportunities, they will start to make their seniors aware of both. I am not advocating formal training and awareness sessions to effect this change—in my experience they are all too often theory-driven and therefore ineffective. Effective leaders are much more instrumental in driving culture change.
Organisations that can successfully drive this cultural change stand to derive massive benefits from their risk and opportunity management programmes. They will only be able to achieve the benefits, though, if they have the right people and culture in place.
For all your Enterprise Risk Management requirements be sure to contact us.