From stricter regulations to previously unimaginable key risk indicators, every company's risk profile is becoming more complex. Ask these 3 questions about your risk governance structure. To find out more, visit workiva.com.
2. workiva.com
From stricter regulations to previously unimaginable key risk indicators,
every company's risk profile is becoming more complex.
Ask these 3 questions about your current risk governance structure to
avoid the pitfalls of an ineffective risk governance structure.
The structure of risk governance is evolving.
3. workiva.com
What is the board's role in
your current ERM framework?
"Global risk management survey, ninth edition. Operating in the new normal: Increased regulation and heightened expectations.” (2015). Deloitte University Press. Retrieved
from https://www2.deloitte.com/content/dam/Deloitte/lu/Documents/risk/dtt-en-wp-global-risk-management-survey9-20052015.pdf
"Eighty-five percent of respondents said their
board of directors currently devote more time
to oversight of risk than they did two years ago."
85%
4. workiva.com
If your board's involvement is confined to receiving risk reports or
approving risk appetite statements, then a big part of your governance
structure is underutilized.
Traditional approach
5. workiva.com
The board's role should expand so that it's empowered to provide direct
feedback through the risk assessment process, ongoing risk profile
dialogue, and discussions around emerging risks.
By expanding the board's input beyond its traditional role as consumers
of risk reporting, a true top-down risk culture can be achieved. This leads
to better visibility of critical risk information across the organization.
Evolved approach
6. workiva.com
How does your organization communicate
risk information to stakeholders?
"Making strides in financial services risk management” (2011). Ernst & Young. Retrieved from https://issuu.com/ezra1110/docs/making_strides_in_financial_services_risk_manageme
A recent IIF/EY industry survey indicated that
92% of firms interviewed reported an increase in
senior management attention on strengthening
the risk culture.
92%
7. workiva.com
When communicating risk information, the structure is typically focused
on reporting up through the organization, rather than on keeping all
levels of the organization informed.
Traditional approach
8. workiva.com
A continuous socializing of critical risk data assists in increasing risk
management transparency—which, in turn, helps to build a more efficient
and effective communication process.
An informed risk culture helps your first line of defense, management, and
board operate with an increased and directed perspective on the risk
management framework, which leads to better business decisions.
Evolved approach
9. workiva.com
How often does your
organization review its risk profile?
"2014 global survey on reputation risk.” (2014). Deloitte Touche Tohmatsu Limited. Retrieved from
https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/gx_grc_Reputation@Risk%20survey%20report_FINAL.pdf
"Companies feel most prepared to manage
risks within their direct control and least
prepared for risks beyond their direct control."
11. workiva.comworkiva.com
By reviewing risk profiles with a frequency proportionate to the
complexity of your business, your framework is better aligned with the
true state of your current risk environment.
Additionally, organizations are better prepared for risk drivers beyond
their direct control. This allows your framework to become more
responsive to a quickly changing internal and external risk environment.
Evolved approach
13. workiva.comworkiva.com
While these questions shouldn't be the ending point for
assessing the health of your risk governance structure,
they can help organizations increase cohesion and
collaboration on risk management initiatives—ultimately
leading to a stronger risk framework and risk culture.