The way an organisation approaches risk is critical to how effectively it is managed. There are structures and procedures that can be put in place to enable an entity to equip itself to deal with risk. When they are combined, these mechanisms create a culture that helps leaders to articulate how important risk is to the running of the company, as well as giving them an understanding of how they can contribute to its management in a constructive manner. When the board has defined and agreed its risk appetite, for example, it can communicate it throughout the company, setting the tone from the top. 

See also: 5 Criticism Found in Human Resource Management

Risk management 

Having the right processes in place can vastly improve an organisation’s approach to risk management, yet, what does good structure look like? According to ASX Corporate Governance Council, a listed entity should establish a sound risk management framework and periodically review the effectiveness of that framework. It recommends that employers should have to oversee risk consisting of at least three members, the majority of which, including the chair, should be independent directors. The board should disclose the committee’s members, charter and how many times it has met at the end of a reporting period, as well as who was in attendance. If the board does not have a risk committee or satisfactory equivalent, it should disclose this and outline its alternative arrangements. 

In a Risk Management Survey, more than half of board respondents (69 percent) said they have an audit and risk committee or equivalent, while 38 percent have a separate risk department and 28 percent have a dedicated risk committee. Only 13 percent of respondents said that they did not have any of these. This means that organisations are making a serious commitment to risk management and putting in place the right structures to manage it. 

Culture 

In terms of improving risk management culture, Risk Management survey respondents said that better reporting tools and raising the ‘voice’ of risk would be the most helpful (52 percent) for their organisation. These were closely followed by leadership from the board and clarity of purpose or strategy. This seems to tie in with the hesitant responses around how well risk management is understood and suggests that communication and leadership are central to success. Only 26 percent of respondents felt more financial resources would improve their risk management culture and only 16 percent thought suitable reward systems were required. 

Managing the risk 

A good organisation extends beyond the board room. It provides the framework through which the organisation’s strategic objectives are set and cascaded, while the means of attaining them are determined. Below are four key components to managing risk management and culture. 

• Transparency: being clear and unambiguous about the organisation’s structure, operations and performance, both externally and internally, and maintaining a genuine dialogue with, and providing insight to, legitimate stakeholders. 
• Accountability: ensuring that there is clarity of decision making within the organisation, with processes in place to ensure that the right people have the right authority for the organisation to make effective and efficient decisions, with appropriate consequences for failures to follow those processes. 
• Stewardship: developing and maintaining an enterprise-wide recognition that the organisation is managed for the benefit of its shareholders/members, taking reasonable account of the interests of other legitimate stakeholders. 
• Integrity: developing and maintaining a culture committed to ethical behaviour and compliance with the law. Good governance encompasses not only the systems 

Good governance encompasses not only the systems by which authority is exercised in organisations and how they are controlled but also the mechanisms by which organisations and those who exercise authority within them are held to account.

Read also: 4 Fatal Mistakes Leaders Make in Crisis Management