SlideShare a Scribd company logo

The risks of risk management

C
cjburt

Ever wondered what the purpose of risk management is? (No, it's really not to manage risks!) Take a look at our whitepaper on how to get real value out of your risk management arrangements and let me know what you think.

Leadership & Management
1 of 3
Download to read offline
The risks of risk management © Independent Audit Limited 2016 Imagine you are an audit or risk committee member and it’s that time again. The committee agenda says something like ‘Review of top 12 risks’. Dutifully you and the other committee members run down the list, discussing, asking probing questions, getting updates from management. You look around the table and everyone seems engaged. But you can’t help feeling the whole thing is something of a waste of time. The trouble is, the same process is used by your other boards, so this must be how it’s done... This paper sets out Independent Audit’s thinking on risk management. We help boards and audit/risk committees see through the fog of traditional risk management approaches and ensure appropriate focus on what the business is trying to achieve, and what might prevent its achievement. The symptoms of poor risk management In many businesses, there is a tendency towards ‘risk listing’, with the primary focus on documenting, assessing and prioritising lists of risks. Sadly, in most cases this approach adds little value, leading to page- turning discussions around the top 10 or 20 risks whilst diverting attention away from the real value of risk management, which is to help the business deliver its strategy through achieving its objectives. In the end, the thing risk listing is most successful at is convincing the board and senior management that they are dealing with risk in the same way as other organisations – since this approach is endemic across UK businesses. So what’s the answer? Let’s start with the basics. The purpose of risk management is not to manage risks per se. The purpose of risk management is actually to help you achieve your strategic business objectives. Therefore, having clarity of strategic objectives (covering categories for strategic, operational, information, compliance and viability objectives) is a pre-requisite for effective risk management. Once defined at the highest level, objectives can be cascaded throughout the organisation. This is no small job, but even if you go no further than clearly defining your top level objectives, you should still see benefits. Use of cascaded objectives also provides an effective mechanism for neatly consolidating and ‘rolling up’ risk information to the top level, at the same time as dealing with the problem of linking top down and bottom up risk management approaches. The next step is to recognise that achievement of business objectives isn’t just about managing what might go wrong (risks), but is actually about making sure things go right. Consequently, for each objective, management needs to define what it needs to get right in order to meet that objective. Only at this point does management need to worry about preventing things from going wrong. Identifying what might prevent you from achieving your objectives is a valid (and value-adding) thing to do. It’s just that it needs to be balanced against the need to get things right (and to be clear on what those things might be).
© Independent Audit Limited 2016 Risk appetite and conflicting priorities Fortunately, this approach also helps deal with the knotty problem of risk appetite (an organisation’s willingness to take on risk). If truth be told, many organisations struggle to get to grips with risk appetite in any meaningful way. Even in risk-mature businesses it can remain a largely esoteric concept. Far better, and more meaningful, is to consider risks in the context of what you, as a business, are trying to achieve. For example, it is easier to assess whether you are taking on too much risk (or perhaps not enough risk) when you consider those risks in the context of the objective you are trying to achieve. If the objective is very important (such as compliance with law & regulation), you might decide that you can’t take any significant risks that might undermine its achievement. Therefore, on a cost versus benefit basis, it’s worth spending more money on controls to mitigate the risk. Counter-intuitively, the opposite might also be true. For example, you may have an important objective, such as entering a new market, which requires you to take more risk in order to achieve it. Setting risk appetite by objective (or category of objectives) provides the board and senior management with the necessary context to make well-informed risk decisions. Standard risk appetite statements don’t help with this thinking. Putting risks in the context of what you are trying to achieve does. Incidentally, defining business objectives that can be ranked in order of relative importance can also help businesses think through and manage the challenge of conflicting priorities. For example, (and thinking about recent real-world events), is it more important to boost short-term profits through increased market share or ensure long-term viability and stable profits through compliance with (fuel emissions) regulations? There will never be a simple answer to the question of competing priorities, but presenting the board and senior management with objective-based risk information should facilitate a good discussion. From risk management to performance management Taking this thinking further, imagine that you RAG (red, amber, green) rated your objectives for ‘certainty of achievement’ based on whether you are managing to get things right, as well as managing your risks. If this is done across the organisation, with achievement of subsidiary objectives feeding into the ‘certainty of achievement’ of higher level objectives, then suddenly executive management and the board has access to forward-looking performance information drawn from across the organisation. The executive team no longer needs to ‘read the tea leaves’ of financial variance analyses presented in the monthly management pack to decide where to focus resources. The information would be clearly apparent in the RAG-rating of the business’ objectives. It’s likely that senior management would demand this future-looking performance information be provided alongside the financials in every monthly pack. At this point the risk management process becomes a living, breathing part of the business, embedded within day-to-day management processes and contributing to the performance of the business.
© Independent Audit Limited 2016 Why do this? You probably already have a sinking feeling that this is all rather complex and a lot of work. And to an extent you would be right – although there are a number of ‘quick wins’ that will have an immediate effect on the way the Board and Audit/Risk Committee consider risks. Implementing this model is likely to result in considerable change affecting all aspects of your organisation – including how the Board directs, management manages and the business performs. The benefits, however, are likely to be considerable – including enhanced business performance, rationalisation of key controls, simplified risk and control reporting (management and regulatory) and improved Audit/Risk Committee line of sight into the first line. The model also aligns closely with UK Corporate Governance Code risk management requirements (including the viability statement). Why Independent Audit As one of the UK’s leading board reviewers, we see a wide range of risk management systems and the different types of risk information provided to boards and audit committees – both the good and the bad. This has helped us develop an intimate understanding of what really matters to boards and what organisations need to get right. Using this understanding, we provide clients with bespoke, light-touch consultancy to help them transform the quality and effectiveness of their risk and broader governance arrangements. If you would like to explore further the ideas and suggestions raised in this paper, or would like more information on how Independent Audit can help you improve your risk arrangements, please feel free to contact Chris Burt, our Risk Practice lead partner. Contact: Chris Burt T +44 (0)20 7220 6588 | M +44 (0)7905 469039 chris.burt@independentaudit.com | www.independentaudit.com 4 Bury Street | London | EC3A 5AW | +44 (0)20 7220 6580

Recommended

Two pager Enterprise Resilience
Two pager Enterprise ResilienceTwo pager Enterprise Resilience
Two pager Enterprise ResilienceFriederike Völker
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
Calm Org Change Solution D..
Calm Org Change Solution D..Calm Org Change Solution D..
Calm Org Change Solution D..koehndj
 
What we do
What we doWhat we do
What we doNarasimha Das
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Andrew Smart
 
From regulatory rigidness to meaningful resilience
From regulatory rigidness to meaningful resilienceFrom regulatory rigidness to meaningful resilience
From regulatory rigidness to meaningful resilienceThei Geurts
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementSiteshUpadhyay
 
Strategic Managment Frameworks
Strategic Managment FrameworksStrategic Managment Frameworks
Strategic Managment FrameworksDavid Coleman
 

Recommended

Two pager Enterprise Resilience
Two pager Enterprise ResilienceTwo pager Enterprise Resilience
Two pager Enterprise ResilienceFriederike Völker
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
Calm Org Change Solution D..
Calm Org Change Solution D..Calm Org Change Solution D..
Calm Org Change Solution D..koehndj
 
What we do
What we doWhat we do
What we doNarasimha Das
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Andrew Smart
 
From regulatory rigidness to meaningful resilience
From regulatory rigidness to meaningful resilienceFrom regulatory rigidness to meaningful resilience
From regulatory rigidness to meaningful resilienceThei Geurts
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementSiteshUpadhyay
 
Strategic Managment Frameworks
Strategic Managment FrameworksStrategic Managment Frameworks
Strategic Managment FrameworksDavid Coleman
 
Enterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceEnterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceResolver Inc.
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management GAURAV SHARMA
 
Employee Engagement and Your Enterprise Security Risk Management Strategy
Employee Engagement and Your Enterprise Security Risk Management StrategyEmployee Engagement and Your Enterprise Security Risk Management Strategy
Employee Engagement and Your Enterprise Security Risk Management StrategyResolver Inc.
 
A5 b1 risk assessement_suzanne gibson_en
A5 b1 risk assessement_suzanne gibson_enA5 b1 risk assessement_suzanne gibson_en
A5 b1 risk assessement_suzanne gibson_enocasiconference
 
Enhancing Your Business Value
Enhancing Your Business ValueEnhancing Your Business Value
Enhancing Your Business Valuepeter.oreb
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesRahul Bhan (CA, CIA, MBA)
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesRahul Bhan (CA, CIA, MBA)
 
Risk Health Check
Risk Health CheckRisk Health Check
Risk Health CheckLjuba Bogdanovich
 
Surviving The Crisis Of Growth
Surviving The Crisis Of GrowthSurviving The Crisis Of Growth
Surviving The Crisis Of Growthqabi
 
Enterprise risk-management1973
Enterprise risk-management1973Enterprise risk-management1973
Enterprise risk-management1973NATHAN Consulting
 
Datasheet: Iconixx for Financial Professionals
Datasheet: Iconixx for Financial ProfessionalsDatasheet: Iconixx for Financial Professionals
Datasheet: Iconixx for Financial ProfessionalsIconixx
 
Managing Complexity | London Business School
Managing Complexity | London Business SchoolManaging Complexity | London Business School
Managing Complexity | London Business SchoolLondon Business School
 
How to optimize risk in entrepreneurship
How to optimize risk in entrepreneurshipHow to optimize risk in entrepreneurship
How to optimize risk in entrepreneurshipventurecare2911
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
 
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...Sue Antonoplos
 
Understanding a Crisis
Understanding a CrisisUnderstanding a Crisis
Understanding a Crisisaakash malhotra
 
Anne Frisch, CFO at EPWN - Bridging Finance and HR
Anne Frisch, CFO at EPWN - Bridging Finance and HRAnne Frisch, CFO at EPWN - Bridging Finance and HR
Anne Frisch, CFO at EPWN - Bridging Finance and HRGlobal Business Events
 
FMM&A15-StratexSystems
FMM&A15-StratexSystemsFMM&A15-StratexSystems
FMM&A15-StratexSystemsAndrew Smart
 
Today's top 5 pension ailments
Today's top 5 pension ailmentsToday's top 5 pension ailments
Today's top 5 pension ailmentsGraeme Cross
 
EL DIALOGO
EL DIALOGOEL DIALOGO
EL DIALOGOJasson Ticona
 
El portafolioo
El portafoliooEl portafolioo
El portafoliooJasson Ticona
 
LA V HURISTICA
LA V HURISTICALA V HURISTICA
LA V HURISTICAJasson Ticona
 

More Related Content

What's hot

Enterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceEnterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceResolver Inc.
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management GAURAV SHARMA
 
Employee Engagement and Your Enterprise Security Risk Management Strategy
Employee Engagement and Your Enterprise Security Risk Management StrategyEmployee Engagement and Your Enterprise Security Risk Management Strategy
Employee Engagement and Your Enterprise Security Risk Management StrategyResolver Inc.
 
A5 b1 risk assessement_suzanne gibson_en
A5 b1 risk assessement_suzanne gibson_enA5 b1 risk assessement_suzanne gibson_en
A5 b1 risk assessement_suzanne gibson_enocasiconference
 
Enhancing Your Business Value
Enhancing Your Business ValueEnhancing Your Business Value
Enhancing Your Business Valuepeter.oreb
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesRahul Bhan (CA, CIA, MBA)
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesRahul Bhan (CA, CIA, MBA)
 
Surviving The Crisis Of Growth
Surviving The Crisis Of GrowthSurviving The Crisis Of Growth
Surviving The Crisis Of Growthqabi
 
Enterprise risk-management1973
Enterprise risk-management1973Enterprise risk-management1973
Enterprise risk-management1973NATHAN Consulting
 
Datasheet: Iconixx for Financial Professionals
Datasheet: Iconixx for Financial ProfessionalsDatasheet: Iconixx for Financial Professionals
Datasheet: Iconixx for Financial ProfessionalsIconixx
 
Managing Complexity | London Business School
Managing Complexity | London Business SchoolManaging Complexity | London Business School
Managing Complexity | London Business SchoolLondon Business School
 
How to optimize risk in entrepreneurship
How to optimize risk in entrepreneurshipHow to optimize risk in entrepreneurship
How to optimize risk in entrepreneurshipventurecare2911
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
 
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...Sue Antonoplos
 
Anne Frisch, CFO at EPWN - Bridging Finance and HR
Anne Frisch, CFO at EPWN - Bridging Finance and HRAnne Frisch, CFO at EPWN - Bridging Finance and HR
Anne Frisch, CFO at EPWN - Bridging Finance and HRGlobal Business Events
 
FMM&A15-StratexSystems
FMM&A15-StratexSystemsFMM&A15-StratexSystems
FMM&A15-StratexSystemsAndrew Smart
 
Today's top 5 pension ailments
Today's top 5 pension ailmentsToday's top 5 pension ailments
Today's top 5 pension ailmentsGraeme Cross
 

What's hot (19)

Enterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceEnterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and Performance
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management
 
Employee Engagement and Your Enterprise Security Risk Management Strategy
Employee Engagement and Your Enterprise Security Risk Management StrategyEmployee Engagement and Your Enterprise Security Risk Management Strategy
Employee Engagement and Your Enterprise Security Risk Management Strategy
 
A5 b1 risk assessement_suzanne gibson_en
A5 b1 risk assessement_suzanne gibson_enA5 b1 risk assessement_suzanne gibson_en
A5 b1 risk assessement_suzanne gibson_en
 
Enhancing Your Business Value
Enhancing Your Business ValueEnhancing Your Business Value
Enhancing Your Business Value
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management Services
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management Services
 
Risk Health Check
Risk Health CheckRisk Health Check
Risk Health Check
 
Surviving The Crisis Of Growth
Surviving The Crisis Of GrowthSurviving The Crisis Of Growth
Surviving The Crisis Of Growth
 
Enterprise risk-management1973
Enterprise risk-management1973Enterprise risk-management1973
Enterprise risk-management1973
 
Datasheet: Iconixx for Financial Professionals
Datasheet: Iconixx for Financial ProfessionalsDatasheet: Iconixx for Financial Professionals
Datasheet: Iconixx for Financial Professionals
 
Managing Complexity | London Business School
Managing Complexity | London Business SchoolManaging Complexity | London Business School
Managing Complexity | London Business School
 
How to optimize risk in entrepreneurship
How to optimize risk in entrepreneurshipHow to optimize risk in entrepreneurship
How to optimize risk in entrepreneurship
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business Strategy
 
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...
Safety Productivity Multiplier_ How to Turn Workplace Safety into a Competiti...
 
Understanding a Crisis
Understanding a CrisisUnderstanding a Crisis
Understanding a Crisis
 
Anne Frisch, CFO at EPWN - Bridging Finance and HR
Anne Frisch, CFO at EPWN - Bridging Finance and HRAnne Frisch, CFO at EPWN - Bridging Finance and HR
Anne Frisch, CFO at EPWN - Bridging Finance and HR
 
FMM&A15-StratexSystems
FMM&A15-StratexSystemsFMM&A15-StratexSystems
FMM&A15-StratexSystems
 
Today's top 5 pension ailments
Today's top 5 pension ailmentsToday's top 5 pension ailments
Today's top 5 pension ailments
 

Viewers also liked

Análisis de casos o estudio de casos
Análisis de casos o estudio de casosAnálisis de casos o estudio de casos
Análisis de casos o estudio de casosJasson Ticona
 
EVALUACIÓN DEL APRENDIZAJE
EVALUACIÓN DEL APRENDIZAJEEVALUACIÓN DEL APRENDIZAJE
EVALUACIÓN DEL APRENDIZAJEJasson Ticona
 
The risks of risk management
The risks of risk managementThe risks of risk management
The risks of risk managementcjburt
 
Rúbrica como instrumento de evaluación
Rúbrica como instrumento de evaluaciónRúbrica como instrumento de evaluación
Rúbrica como instrumento de evaluaciónJasson Ticona
 
Historia de la evaluación educativa
Historia de la evaluación educativaHistoria de la evaluación educativa
Historia de la evaluación educativaJasson Ticona
 
Pruebas de Desarrollo: Examen temático y Ejercicio Interpretativo
Pruebas de Desarrollo: Examen temático y Ejercicio InterpretativoPruebas de Desarrollo: Examen temático y Ejercicio Interpretativo
Pruebas de Desarrollo: Examen temático y Ejercicio InterpretativoJasson Ticona
 
Elt different methods & approaches
Elt different methods & approachesElt different methods & approaches
Elt different methods & approachesMuhammad Fauzan
 

Viewers also liked (19)

EL DIALOGO
EL DIALOGOEL DIALOGO
EL DIALOGO
 
El portafolioo
El portafoliooEl portafolioo
El portafolioo
 
LA V HURISTICA
LA V HURISTICALA V HURISTICA
LA V HURISTICA
 
ESCALA DE ACTITUDES
ESCALA DE ACTITUDESESCALA DE ACTITUDES
ESCALA DE ACTITUDES
 
Análisis de casos o estudio de casos
Análisis de casos o estudio de casosAnálisis de casos o estudio de casos
Análisis de casos o estudio de casos
 
Proyecto
ProyectoProyecto
Proyecto
 
LA EXPOSICIÓN
LA EXPOSICIÓNLA EXPOSICIÓN
LA EXPOSICIÓN
 
EVALUACIÓN DEL APRENDIZAJE
EVALUACIÓN DEL APRENDIZAJEEVALUACIÓN DEL APRENDIZAJE
EVALUACIÓN DEL APRENDIZAJE
 
The risks of risk management
The risks of risk managementThe risks of risk management
The risks of risk management
 
Rúbrica como instrumento de evaluación
Rúbrica como instrumento de evaluaciónRúbrica como instrumento de evaluación
Rúbrica como instrumento de evaluación
 
Historia de la evaluación educativa
Historia de la evaluación educativaHistoria de la evaluación educativa
Historia de la evaluación educativa
 
Sin and Salvation
Sin and SalvationSin and Salvation
Sin and Salvation
 
Sin & salvation
Sin & salvationSin & salvation
Sin & salvation
 
Pruebas objetivas
Pruebas objetivasPruebas objetivas
Pruebas objetivas
 
El debate
El debateEl debate
El debate
 
Pruebas de Desarrollo: Examen temático y Ejercicio Interpretativo
Pruebas de Desarrollo: Examen temático y Ejercicio InterpretativoPruebas de Desarrollo: Examen temático y Ejercicio Interpretativo
Pruebas de Desarrollo: Examen temático y Ejercicio Interpretativo
 
Lista de cotejo
Lista de cotejoLista de cotejo
Lista de cotejo
 
Elt different methods & approaches
Elt different methods & approachesElt different methods & approaches
Elt different methods & approaches
 
Vision software gestionale
Vision software gestionaleVision software gestionale
Vision software gestionale
 

Similar to The risks of risk management

5 steps for better risk assessment
5 steps for better risk assessment5 steps for better risk assessment
5 steps for better risk assessmentDrMohammedFarid
 
0 Easy Steps To Implement Enterprise Risk Management
0 Easy Steps To Implement Enterprise Risk Management0 Easy Steps To Implement Enterprise Risk Management
0 Easy Steps To Implement Enterprise Risk ManagementNat Rice
 
My report_donald.docx
My report_donald.docxMy report_donald.docx
My report_donald.docxGenevieveGo3
 
Building an invisible framework for risk management
Building an invisible framework for risk managementBuilding an invisible framework for risk management
Building an invisible framework for risk managementhallowedblasphe76
 
OverseeRiskAsNewerMoreComplex
OverseeRiskAsNewerMoreComplexOverseeRiskAsNewerMoreComplex
OverseeRiskAsNewerMoreComplexKashif Ali
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Topic should be on elderly abuse and ethics of nursingThis assig.docx
Topic should be on elderly abuse and ethics of nursingThis assig.docxTopic should be on elderly abuse and ethics of nursingThis assig.docx
Topic should be on elderly abuse and ethics of nursingThis assig.docxjuliennehar
 
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...AshishAggarwal59143
 
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...AshishAggarwal59143
 
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)Keith Darcy
 
Compliance and risk management
Compliance and risk managementCompliance and risk management
Compliance and risk managementITSYS Solutions
 
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941Dr. Marc D. Grüter
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideCenapSerdarolu
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideAstalapulosListestos
 
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIESBUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIESMark Evans
 
Enterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerEnterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerTanaMaeskm
 
A Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementA Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementTurlough Guerin GAICD FGIA
 

Similar to The risks of risk management (20)

5 steps for better risk assessment
5 steps for better risk assessment5 steps for better risk assessment
5 steps for better risk assessment
 
0 Easy Steps To Implement Enterprise Risk Management
0 Easy Steps To Implement Enterprise Risk Management0 Easy Steps To Implement Enterprise Risk Management
0 Easy Steps To Implement Enterprise Risk Management
 
My report_donald.docx
My report_donald.docxMy report_donald.docx
My report_donald.docx
 
Building an invisible framework for risk management
Building an invisible framework for risk managementBuilding an invisible framework for risk management
Building an invisible framework for risk management
 
OverseeRiskAsNewerMoreComplex
OverseeRiskAsNewerMoreComplexOverseeRiskAsNewerMoreComplex
OverseeRiskAsNewerMoreComplex
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
 
Deloitte_Risk Sensing
Deloitte_Risk SensingDeloitte_Risk Sensing
Deloitte_Risk Sensing
 
Topic should be on elderly abuse and ethics of nursingThis assig.docx
Topic should be on elderly abuse and ethics of nursingThis assig.docxTopic should be on elderly abuse and ethics of nursingThis assig.docx
Topic should be on elderly abuse and ethics of nursingThis assig.docx
 
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
 
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
From Startup To Success: Mastering Business Control For Growth By Ashish Agga...
 
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
 
Compliance and risk management
Compliance and risk managementCompliance and risk management
Compliance and risk management
 
CRO Insight
CRO InsightCRO Insight
CRO Insight
 
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIESBUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
 
Enterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerEnterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and Per
 
A Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementA Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk Management
 

Recently uploaded

VIP 7001035870 Find & Meet Hyderabad Call Girls Ameerpet high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Ameerpet high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls Ameerpet high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Ameerpet high-profile Call Girladitipandeya
 
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceanilsa9823
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampPLCLeadershipDevelop
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic managementharfimakarim
 
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607dollysharma2066
 
{ 9892124323 }} Call Girls & Escorts in Hotel JW Marriott juhu, Mumbai
{ 9892124323 }} Call Girls & Escorts in Hotel JW Marriott juhu, Mumbai{ 9892124323 }} Call Girls & Escorts in Hotel JW Marriott juhu, Mumbai
{ 9892124323 }} Call Girls & Escorts in Hotel JW Marriott juhu, MumbaiPooja Nehwal
 
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Roomdivyansh0kumar0
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Nehwal
 
CEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyCEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyHafizMuhammadAbdulla5
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Kondapur high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Kondapur high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls Kondapur high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Kondapur high-profile Call Girladitipandeya
 
operational plan ppt.pptx nursing management
operational plan ppt.pptx nursing managementoperational plan ppt.pptx nursing management
operational plan ppt.pptx nursing managementTulsiDhidhi1
 

Recently uploaded (20)

Peak Performance & Resilience - Dr Dorian Dugmore
Peak Performance & Resilience - Dr Dorian DugmorePeak Performance & Resilience - Dr Dorian Dugmore
Peak Performance & Resilience - Dr Dorian Dugmore
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Ameerpet high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Ameerpet high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls Ameerpet high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Ameerpet high-profile Call Girl
 
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
 
Disrupt or be Disrupted - Kirk Vallis.pdf
Disrupt or be Disrupted - Kirk Vallis.pdfDisrupt or be Disrupted - Kirk Vallis.pdf
Disrupt or be Disrupted - Kirk Vallis.pdf
 
Imagine - Creating Healthy Workplaces - Anthony Montgomery.pdf
Imagine - Creating Healthy Workplaces - Anthony Montgomery.pdfImagine - Creating Healthy Workplaces - Anthony Montgomery.pdf
Imagine - Creating Healthy Workplaces - Anthony Montgomery.pdf
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC Bootcamp
 
Leadership in Crisis - Helio Vogas, Risk & Leadership Keynote Speaker
Leadership in Crisis - Helio Vogas, Risk & Leadership Keynote SpeakerLeadership in Crisis - Helio Vogas, Risk & Leadership Keynote Speaker
Leadership in Crisis - Helio Vogas, Risk & Leadership Keynote Speaker
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic management
 
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
 
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
{ 9892124323 }} Call Girls & Escorts in Hotel JW Marriott juhu, Mumbai
{ 9892124323 }} Call Girls & Escorts in Hotel JW Marriott juhu, Mumbai{ 9892124323 }} Call Girls & Escorts in Hotel JW Marriott juhu, Mumbai
{ 9892124323 }} Call Girls & Escorts in Hotel JW Marriott juhu, Mumbai
 
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
 
CEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyCEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biography
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Kondapur high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Kondapur high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls Kondapur high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls Kondapur high-profile Call Girl
 
LoveLocalGov - Chris Twigg, Inner Circle
LoveLocalGov - Chris Twigg, Inner CircleLoveLocalGov - Chris Twigg, Inner Circle
LoveLocalGov - Chris Twigg, Inner Circle
 
Unlocking the Future - Dr Max Blumberg, Founder of Blumberg Partnership
Unlocking the Future - Dr Max Blumberg, Founder of Blumberg PartnershipUnlocking the Future - Dr Max Blumberg, Founder of Blumberg Partnership
Unlocking the Future - Dr Max Blumberg, Founder of Blumberg Partnership
 
Empowering Local Government Frontline Services - Mo Baines.pdf
Empowering Local Government Frontline Services - Mo Baines.pdfEmpowering Local Government Frontline Services - Mo Baines.pdf
Empowering Local Government Frontline Services - Mo Baines.pdf
 
operational plan ppt.pptx nursing management
operational plan ppt.pptx nursing managementoperational plan ppt.pptx nursing management
operational plan ppt.pptx nursing management
 

The risks of risk management

  • 1. The risks of risk management © Independent Audit Limited 2016 Imagine you are an audit or risk committee member and it’s that time again. The committee agenda says something like ‘Review of top 12 risks’. Dutifully you and the other committee members run down the list, discussing, asking probing questions, getting updates from management. You look around the table and everyone seems engaged. But you can’t help feeling the whole thing is something of a waste of time. The trouble is, the same process is used by your other boards, so this must be how it’s done... This paper sets out Independent Audit’s thinking on risk management. We help boards and audit/risk committees see through the fog of traditional risk management approaches and ensure appropriate focus on what the business is trying to achieve, and what might prevent its achievement. The symptoms of poor risk management In many businesses, there is a tendency towards ‘risk listing’, with the primary focus on documenting, assessing and prioritising lists of risks. Sadly, in most cases this approach adds little value, leading to page- turning discussions around the top 10 or 20 risks whilst diverting attention away from the real value of risk management, which is to help the business deliver its strategy through achieving its objectives. In the end, the thing risk listing is most successful at is convincing the board and senior management that they are dealing with risk in the same way as other organisations – since this approach is endemic across UK businesses. So what’s the answer? Let’s start with the basics. The purpose of risk management is not to manage risks per se. The purpose of risk management is actually to help you achieve your strategic business objectives. Therefore, having clarity of strategic objectives (covering categories for strategic, operational, information, compliance and viability objectives) is a pre-requisite for effective risk management. Once defined at the highest level, objectives can be cascaded throughout the organisation. This is no small job, but even if you go no further than clearly defining your top level objectives, you should still see benefits. Use of cascaded objectives also provides an effective mechanism for neatly consolidating and ‘rolling up’ risk information to the top level, at the same time as dealing with the problem of linking top down and bottom up risk management approaches. The next step is to recognise that achievement of business objectives isn’t just about managing what might go wrong (risks), but is actually about making sure things go right. Consequently, for each objective, management needs to define what it needs to get right in order to meet that objective. Only at this point does management need to worry about preventing things from going wrong. Identifying what might prevent you from achieving your objectives is a valid (and value-adding) thing to do. It’s just that it needs to be balanced against the need to get things right (and to be clear on what those things might be).
  • 2. © Independent Audit Limited 2016 Risk appetite and conflicting priorities Fortunately, this approach also helps deal with the knotty problem of risk appetite (an organisation’s willingness to take on risk). If truth be told, many organisations struggle to get to grips with risk appetite in any meaningful way. Even in risk-mature businesses it can remain a largely esoteric concept. Far better, and more meaningful, is to consider risks in the context of what you, as a business, are trying to achieve. For example, it is easier to assess whether you are taking on too much risk (or perhaps not enough risk) when you consider those risks in the context of the objective you are trying to achieve. If the objective is very important (such as compliance with law & regulation), you might decide that you can’t take any significant risks that might undermine its achievement. Therefore, on a cost versus benefit basis, it’s worth spending more money on controls to mitigate the risk. Counter-intuitively, the opposite might also be true. For example, you may have an important objective, such as entering a new market, which requires you to take more risk in order to achieve it. Setting risk appetite by objective (or category of objectives) provides the board and senior management with the necessary context to make well-informed risk decisions. Standard risk appetite statements don’t help with this thinking. Putting risks in the context of what you are trying to achieve does. Incidentally, defining business objectives that can be ranked in order of relative importance can also help businesses think through and manage the challenge of conflicting priorities. For example, (and thinking about recent real-world events), is it more important to boost short-term profits through increased market share or ensure long-term viability and stable profits through compliance with (fuel emissions) regulations? There will never be a simple answer to the question of competing priorities, but presenting the board and senior management with objective-based risk information should facilitate a good discussion. From risk management to performance management Taking this thinking further, imagine that you RAG (red, amber, green) rated your objectives for ‘certainty of achievement’ based on whether you are managing to get things right, as well as managing your risks. If this is done across the organisation, with achievement of subsidiary objectives feeding into the ‘certainty of achievement’ of higher level objectives, then suddenly executive management and the board has access to forward-looking performance information drawn from across the organisation. The executive team no longer needs to ‘read the tea leaves’ of financial variance analyses presented in the monthly management pack to decide where to focus resources. The information would be clearly apparent in the RAG-rating of the business’ objectives. It’s likely that senior management would demand this future-looking performance information be provided alongside the financials in every monthly pack. At this point the risk management process becomes a living, breathing part of the business, embedded within day-to-day management processes and contributing to the performance of the business.
  • 3. © Independent Audit Limited 2016 Why do this? You probably already have a sinking feeling that this is all rather complex and a lot of work. And to an extent you would be right – although there are a number of ‘quick wins’ that will have an immediate effect on the way the Board and Audit/Risk Committee consider risks. Implementing this model is likely to result in considerable change affecting all aspects of your organisation – including how the Board directs, management manages and the business performs. The benefits, however, are likely to be considerable – including enhanced business performance, rationalisation of key controls, simplified risk and control reporting (management and regulatory) and improved Audit/Risk Committee line of sight into the first line. The model also aligns closely with UK Corporate Governance Code risk management requirements (including the viability statement). Why Independent Audit As one of the UK’s leading board reviewers, we see a wide range of risk management systems and the different types of risk information provided to boards and audit committees – both the good and the bad. This has helped us develop an intimate understanding of what really matters to boards and what organisations need to get right. Using this understanding, we provide clients with bespoke, light-touch consultancy to help them transform the quality and effectiveness of their risk and broader governance arrangements. If you would like to explore further the ideas and suggestions raised in this paper, or would like more information on how Independent Audit can help you improve your risk arrangements, please feel free to contact Chris Burt, our Risk Practice lead partner. Contact: Chris Burt T +44 (0)20 7220 6588 | M +44 (0)7905 469039 chris.burt@independentaudit.com | www.independentaudit.com 4 Bury Street | London | EC3A 5AW | +44 (0)20 7220 6580