The way an organisation approaches risk is critical to how effectively it is managed. There are structures and procedures that can be put in place to enable an entity to equip itself to deal with risk. When they are combined, these mechanisms create a culture that helps leaders to articulate how important risk is to the running of the company, as well as giving them an understanding of how they can contribute to its management in a constructive manner. When the board has defined and agreed its risk appetite, for example, it can communicate it throughout the company, setting the tone from the top.
Having the right processes in place can vastly improve an organisation’s approach to risk management, yet, what does good structure look like? According to ASX Corporate Governance Council, a listed entity should establish a sound risk management framework and periodically review the effectiveness of that framework. It recommends that employers should have to oversee risk consisting of at least three members, the majority of which, including the chair, should be independent directors. The board should disclose the committee’s members, charter and how many times it has met at the end of a reporting period, as well as who was in attendance. If the board does not have a risk committee or satisfactory equivalent, it should disclose this and outline its alternative arrangements.
In a Risk Management Survey, more than half of board respondents (69 percent) said they have an audit and risk committee or equivalent, while 38 percent have a separate risk department and 28 percent have a dedicated risk committee. Only 13 percent of respondents said that they did not have any of these. This means that organisations are making a serious commitment to risk management and putting in place the right structures to manage it.
In terms of improving risk management culture, Risk Management survey respondents said that better reporting tools and raising the ‘voice’ of risk would be the most helpful (52 percent) for their organisation. These were closely followed by leadership from the board and clarity of purpose or strategy. This seems to tie in with the hesitant responses around how well risk management is understood and suggests that communication and leadership are central to success. Only 26 percent of respondents felt more financial resources would improve their risk management culture and only 16 percent thought suitable reward systems were required.
A good organisation extends beyond the board room. It provides the framework through which the organisation’s strategic objectives are set and cascaded, while the means of attaining them are determined. Below are four key components to managing risk management and culture.
Good governance encompasses not only the systems by which authority is exercised in organisations and how they are controlled but also the mechanisms by which organisations and those who exercise authority within them are held to account.