Print Page   |   Contact Us   |   Sign In   |   Apply online
Community Search

2017-10-30 » 2017-10-31
Operational Risk Management Training - 30 & 31 October 2017 Cape Town

2017-11-02 » 2017-11-03
Operational Risk Management Training - 2 & 3 November 2017 - Durban

2017 IRMSA Gala Dinner & Awards Ceremony (3 November)

2017-11-06 » 2017-11-07
Risk Framework - 6&7 November 2017

2017-11-09 » 2017-11-10
Business Continuity Management 09&10 November 2017 (Namibia)

IRMSA Insight
Blog Home All Blogs
Search all posts for:   


View all (38) posts »

Risk management – what is your foundation?

Posted By Berenice Francis, 25 March 2013

Risk management – what is your foundation?

By Berenice Francis

Executive: Risk, Imperial Holdings



Having worked in both private and public institutions, the early days of my career were spent focusing on making sure the process of risk happened. Did we do all our assessments? Are we recording loss events? Have we listed mitigation strategies? All basic process matters.

Over the years I have found that irrespective of whether we follow the process we need to look at more substantive and harder issues to really ensure that our risk management system is working. I now spend my time worrying about what we might be missing, how do we make the risks more relevant and reflective of the organization we are in and do our strategies make sense in the context of the risks we have defined. More importantly, are they making any real difference to our risk exposures?

But what truly gives me comfort regarding the processes we follow is assessing whether the organisation has the right foundation. But let's be honest, do we assess our foundation enough?

The key questions I ask regarding a foundation of good risk management are:

· Board belief in Management's ability to perform:

Does the governance authority believe that they have the right team to get the job done and then let them get on with running the organization? Too often we see board interference in operational matters. As a board member one of the key responsibilities you have to the organisation is to get the right CEO, and then give management the responsibility to operate within the parameters that have been set.

· Empowerment and integrity of management:

Is management given the authoritative parameters to do its job and take risks? More importantly does it use that authority to make decisions and get things done?

When it comes to integrity - are our people honest enough to raise the issues or risks early enough when they have made a mistake or error of judgment, and are they capable enough to assess that the impact of the risk when it materialises is beyond their ability to absorb.

When last as a risk practitioner have you assessed either the Board's assessment of management or the caliber of people we have in the organisation. Given no assessment of this as your foundation we can do risk assessment after risk assessment, produce risk registers filling thousands of pages, tick off all those lovely processes we know we should be doing and still get it very wrong.

So as risk professionals ticking process boxes, whether to comply with legislation or code requires way too much effort, time and resources without ensuring that you have the right foundation first. Thus allowing your risk management processes to rightfully contribute to the ongoing sustainability of your organisation

This post has not been tagged.

Share |
Permalink | Comments (0)
Sign In
Sign In securely