While the discipline of risk management has certainly become widely accepted as good business practice across the public and private sectors, it is unfortunately still commonplace for Boards and managers to consider it as a compliance requirement rather than as a beneficial practice for improving performance outcomes.
The compliance approach to risk management can result in a focus being placed only on operational areas that have clear regulatory impacts. For example, an organisation frequently will have a safety risk register, which recognises potential impacts from failing to properly address risks to worker health and safety, while failing to systematically identify and address risks to other objectives of the organisation e.g. strategic direction.
The result of this approach is usually that risk management principles are embedded in some areas of the organisation but not others, and that there are differences across the organisation relating to risk appetite, risk management processes, risk reporting requirements etc., depending on the organisational area and their regulatory obligations.
Breaking down this silo-based approach can enhance organisational performance in several ways:
- Firstly, the overheads of maintaining a risk management program can be reduced by eliminating duplication across the organisation and centralising some systems and functions.
- Secondly, management decision-making for the best outcome of the whole organisation is facilitated by use of consistent risk management terminology, methodology and reporting across the organisation (i.e. being able to compare apples to apples).
- Thirdly, ensuring that risk management is consistently and uniformly implemented across the organisation enhances the ability to identify and control all risks to the organisation’s objectives, versus isolated pockets of risk, and means that the organisation can better respond to and learn from risk incidents when they occur.
For further advice regarding implementing Enterprise Risk Management, refer to earlier Insight editions 13, 29 and 49.
Please contact QRMC for more information.