Risk functions must evolve and be reimagined
- Contributed by the Risk Management Institute of Australia
Risk functions and risk management, in many cases, function separately from the front line.
For risk management to be effective it needs to be the responsibility of the whole business, with consideration of the board’s risk appetite, business sustainability, data governance and technology all vital components.
With the breakdown of public trust across many industries, the reaction from politicians and regulators is to increase oversight, regulations and compliance.
The impact is increased costs and, often, an increasing divide between the risk management profession and the operations of the business.
The perception being that risk is the handbrake for business growth and innovation. So the risk function and risk across businesses must evolve and be reimagined.
To regain trust, the board, management and operations have to align culturally and manage both the risk and reward related to business decisions.
The key is to seize the opportunity in good risk management and find value in each decision to create sustainable businesses.
In reimagining the risk business function and processes, organisations need to utilise emerging technology and use data so that there is “one source of truth” used for business information, second-line-of-defence compliance and reporting and third-line internal and external assurance.
A holistic approach to risk
To effectively manage risk, organisations need to look holistically at how a board structures its governance and incentivises its management to achieve the business’s purpose.
To achieve the right outcomes the following key steps need to be carefully considered:
- What is the organisation’s risk appetite?
- What is the longer term, sustainable view of how to manage risk and reward?
- Who is responsible for risk management and how is this articulated?
- What is the best technology platform?
- How can data play a role in the future of risk management?
Evolving risk maturity
So how does a business measure its risk maturity and decide the approach and investment required in maturing its risk processes to achieve the above?
Self-assessment against market practice and global standards is a start but seeking independent help is always advisable to get an unbiased view.