Risk: Directors Should Ask These Five Questions in 2014
The business environment is changing – business models are exposed to disruption; risk profiles change. There are many questions that directors can ask about their organization’s risks and risk management. However, the following five are key questions that directors should ask their organization.
Does our existing risk profile reflect the risks we currently face?
Management’s report on the company’s top risks should incorporate the following:
– Have noted risks increased or decreased?
– Are there any new risks?
– What is the severity of impact and likelihood of occurrence?
Management should also prioritize high impact and low likelihood risks in terms of their reputational effect on the organization, as well as how much damage the risks can do to the organization, how often, and how prepared the organization is to handle what comes its way.
It’s important that companies work to keep risk assessments at the top of their to-do list. Identifying new and emerging risks will keep a risk profile current.
Are our risk management capabilities continuously improving to reflect an ever-changing business environment?
Once key risks are targeted for your organization, someone has to be given ownership of them. Gaps and overlaps in risk ownership should be eliminated if possible, so that accountability for results is firmly established with business and process owners. You should feel comfortable that:
– There is a strong process in place for managing and monitoring each of the risks critical to your enterprise. This includes an effective plan to respond in the event of a crisis.
– Your risk management capabilities are continuously improving and keeping pace with the changes to the business.
– Management and reporting on risks are reliable and done in a timely manner.
Are directors and management on the same page in terms of what risks to take?
Some risks are smart to take and will benefit an organization. But directors should communicate with management often about risks the organization should take, risks it should avoid, and how each should be handled. The only way to know for sure what risks to take is to pick apart the organization’s risk tolerance, and how those risks would help achieve or limit business objectives.
Is our risk culture encouraging the right behaviours?
If the CEO chooses to ignore warning signs raised by risk managers over questionable organizational behaviour, or if a reward system is incorrectly focusing on short-term performance targets, then important questions are not being asked about the organization’s strategy. An effectively managed risk culture reflects the values, goals, practices, and attitudes that embed risk into an organization’s processes and operations. It should encourage open communication, knowledge sharing, best practices, continuous process improvement, and a commitment to ethical and responsible behaviour.
Have we integrated risk management with the appropriate management processes?
By integrating risk management into other executive management matters, organizations can attain their risk management objectives more readily, and successfully execute their strategies. Integration might include annual business planning, performance management, budgeting, competitive intelligence, and merger and acquisition targeting.
Of course, integration of a whistleblower hotline is another tool to help manage risk. Waste, fraud and abuse of authority can all be combated by having an independent reporting mechanism that’s available to your employees to report malfeasance. WhistleBlower Security should be one of the first places your employees can go to report on any perceived wrongdoing or perceived risk.
Whether it’s for regulatory compliance, financial transparency, corporate governance, employee, client, investor or patient relations, becoming WhistleBlower Secured™ will enhance your corporate integrity and empower your employees to contribute to an ethical workplace.