Enterprise risk management
Birgit de Lange - Recent updates to international risk management standards, such as the ISO 31000 Standard on risk management (2018) and COSO’s 2017 Enterprise Risk Management – Integrated Framework, as well as ongoing developments in corporate governance regimes have spurred focus by risk practitioners and boards on the effectiveness and value of their current approaches to risk management.
The evolution in risk management and corporate governance standards and codes reflect many of the improvements to practice collectively learned by the risk management community over the past decade. Within the market we identified the following three areas of risk management that our clients commonly find challenging:
· Practical articulation of risk appetite,
· Addressing the evolving role of technology in managing risk, and
· Enhancing risk reporting.
SUGGESTIONS
Below are a few suggestions, how the first one, practical articulation of risk appetite, which appears to be the most challenging one, can be addressed.
Risk appetite is a challenge for many organisations, and for some is simply put in the ‘too difficult’ or ‘overly theoretical’ bracket. However, when done well, it provides significant benefits in promoting organisational awareness of how risk-taking supports strategic execution and the risk envelope in which management levels can operate.
Outside of financial services, where this concept seems well established, we have seen increasing maturity and sophistication in how appetite is articulated, progressing beyond simple statements and ‘hungry and averse’ scales, to more objective, metric-based outputs linked to performance targets and measured with risk indicators.
Useful steps to ensure practical articulation include:
· Discuss with the board and the executive management team which type of risk appetite articulation best fits your organisation – who will use it, when and how?
· Consider risk appetite in the context of strategy, analysing the relationship with both principal risks and those risks (singular and portfolio) that can deliver strong upside and returns (which may not necessarily be ‘principal’ downside risks).
· Communicate risk appetite in business language, not risk-centric language, using quantifiable metrics wherever possible. For example, the thresholds of key performance indicators (KPIs) and key risk indicators (KRIs) can serve to communicate, promote and measure risk-taking behaviour at operational levels if their relationships and sensitivities with the risk in focus is analysed and understood.
* Birgit de Lange is the associate director: risk assurance service at PwC Namibia. Contact her at [email protected]
The evolution in risk management and corporate governance standards and codes reflect many of the improvements to practice collectively learned by the risk management community over the past decade. Within the market we identified the following three areas of risk management that our clients commonly find challenging:
· Practical articulation of risk appetite,
· Addressing the evolving role of technology in managing risk, and
· Enhancing risk reporting.
SUGGESTIONS
Below are a few suggestions, how the first one, practical articulation of risk appetite, which appears to be the most challenging one, can be addressed.
Risk appetite is a challenge for many organisations, and for some is simply put in the ‘too difficult’ or ‘overly theoretical’ bracket. However, when done well, it provides significant benefits in promoting organisational awareness of how risk-taking supports strategic execution and the risk envelope in which management levels can operate.
Outside of financial services, where this concept seems well established, we have seen increasing maturity and sophistication in how appetite is articulated, progressing beyond simple statements and ‘hungry and averse’ scales, to more objective, metric-based outputs linked to performance targets and measured with risk indicators.
Useful steps to ensure practical articulation include:
· Discuss with the board and the executive management team which type of risk appetite articulation best fits your organisation – who will use it, when and how?
· Consider risk appetite in the context of strategy, analysing the relationship with both principal risks and those risks (singular and portfolio) that can deliver strong upside and returns (which may not necessarily be ‘principal’ downside risks).
· Communicate risk appetite in business language, not risk-centric language, using quantifiable metrics wherever possible. For example, the thresholds of key performance indicators (KPIs) and key risk indicators (KRIs) can serve to communicate, promote and measure risk-taking behaviour at operational levels if their relationships and sensitivities with the risk in focus is analysed and understood.
* Birgit de Lange is the associate director: risk assurance service at PwC Namibia. Contact her at [email protected]
Comments
Namibian Sun
No comments have been left on this article