Building an invisible framework for risk management
Risk professionals need to alleviate the burden of the risk management framework on the business
by operating an "invisible framework", allowing the management of risks in a more natural, implicit
and proportionate way
Recent years have seen the development of a multitude of risk management frameworks of all
shapes, colours and forms, general or specific, complex, multidimensional or basic. In the face of the
mounting jargon and technicality of the risk management profession, it is important to remember
three fundamental roles of the risk function - none of them to do with vocabulary and techniques, or
even with the management of risks.
Risks must be managed where they arise - that is, at the level of each operation or each transaction
in the business. This is why we prefer the term "risk function" to "risk management", referring to an
activity rather than a role: an activity to be carried out by the business.
Risk frameworks are technical structures helping risk professionals to understand how risks and
controls do or should operate within an organisation, but frameworks do not need to be a
preoccupation or a burden for the business.
Expertise and roles of the risk function
The risk function should fulfil three roles: (1) to assist in the definition of risk appetite for the
business and the board; (2) to monitor the risk exposure within the risk appetite, and to own the risk
management framework; (3) to challenge and to advise on strategic business decisions with regard
to risk taking.
These three roles require expertise in conceptual and technical aspects of risk identification,
assessment, mitigation and monitoring by risk professionals. They also need excellent knowledge of
the regulatory demands and of the environment to ensure business compliance and, finally, they
should understand the business's processes, its capacity, constraints and vulnerabilities.
Defining risk appetite
The first and most important role of the risk function is to set up a process allowing the business to
define its risk appetite.
The UK Corporate Governance Code states that "the board is responsible for determining the nature
and extent of the significant risks it is willing to take in achieving its strategic objectives [and]
should maintain sound risk management and internal control systems". The risk function has a key
role to play in assisting the business and the board to comply with these requirements.
Defining a relevant, specific and actionable risk appetite requires a mature risk management
process. Assessing the risks that a business is willing to take and maintaining "sound risk
management and internal control systems" require identification of the key risks that may negatively
impact the business objectives, the evaluation of the current exposure to these risks, and the
definition of additional controls if this exposure is judged excessive.
Internal controls exist for the vast majority of risks that need to be mitigated. Alternative solutions
relate to risk transfer using external insurance or other solutions, and avoidance - the most radical
way of eliminating a risk by eliminating an activity.
In control design, proportionality is key: better risk management does not imply no risk or controls
at all costs. Similarly, the best risk culture does not necessarily mean the biggest risk aversion.
There is a need to balance risk exposure and the corresponding controls, with what they imply in
terms of additional costs, constraints and slowed-down processes. Internal controls are, of course,
critically important; academic studies on 1,000 US financial institutions demonstrate that internal
controls weaknesses are a strong determinant of the frequency of operational risk incidents.
However, over-controlling small operations and petty issues may have hidden strategic costs in
terms of opportunity loss and diminished strategic ambition. By knowing the business processes and
understanding risk assessment, the risk function can assist the business in defining and operating a
successful risk appetite.
Monitoring risk exposure
Operating and monitoring compliance with a well-established risk appetite also relies on the
definition of the outcome of the risk function, its role within the organisation and the ways to
achieve these goals.
It is the role of the risk function to provide a consolidated view of the risk profile of the business,
and its responsibility to inform the executive committee about the degree to which the business is
respecting - or breaching - risk limits.
These responsibilities require the risk function to have great visibility over the conduct of business
operations, and great understanding of the risk drivers impacting the business and the possible
metrics used to measure these risk drivers, in order to put in place a successful key risk indicator
programme that will allow the proper monitoring of risk appetite. Key risk indicators are an effective
way of trickling down risk appetite to the level of operations, by aligning their threshold to the
business priorities and the risk tolerance statements.
Risk monitoring is not limited to the everyday business process; it must extend to upcoming risks
and threats, including those due to significant changes in the business environment, whether
competitive, technological, regulatory, social or political.
Constant monitoring of the regulatory environment, upcoming trends and points of attention from
the regulator but also from the general public and the media can be of prime importance in early
identification - and mitigation - of potential threats. Some organisations have therefore set up an
"upstream risks" committee, in charge of the surveillance of every aspect of the business
environment that may modify its risk exposure, and responsible for reporting these risks to the
board.
Challenging and advising
The third role of the risk function is to act as a sounding board to the business regarding decisions
that may change the risk profile of the institution. Such business decisions may concern new
ventures, commercial accords or acquisitions, new products or new markets, investments or
divestments.
To fulfil its role in challenging the business, the risk function needs to possess enough delegated
authority to freeze business decisions that may either contradict regulatory requirements or
upcoming possible regulatory scrutiny, or exceed risk appetite, without proper acknowledgment
from the board.
Making the framework invisible
The roles and responsibilities of the risk function are thus important and complex, not least because
of its transversal position across the organisation, having to co-ordinate various businesses and
management personalities, convincing individuals as to the benefits of risk management.
We argue that risk professionals who are able to achieve these challenging objectives successfully
are operating an "invisible framework".
What is an invisible framework?
An invisible framework is substance over form: the content and intent of risk management
supersedes technical terms and tools, to reach a point where all staff manage their risk implicitly, as
part of their day-to-day activities, without necessarily thinking about it.
Making the framework invisible implies that risk specialists reach sufficient levels of expertise and
comfort in manipulating risk management concepts and techniques that they can communicate their
requirements and priorities to the business without the burden of jargon and technique, effectively
making the risk management framework "invisible".
Three attitudes will help companies to operate an invisible framework: using the language of the
business; leveraging existing processes and practices; and providing guidance and using systems to
collect and analyse information.
Use business language
Risk jargon is getting in the way of a constructive relationship between risk managers and business
officers. There is no need to overload the business with specific risk language. It is an interesting
challenge to talk about risk management without mentioning the term "risk". Without reaching this
extreme, there are many ways to translate risk terminologies into concrete business-orientated
questions. "What are your key risks?" can, for instance, be turned into "What could happen that may
impact the achievement of your objectives?" or "What are your main concerns for your business?"
Scenario workshops could start with "What are the largest incidents you have experienced in the last
few years?" and "What are the worst things that can happen to your business?" Discussions
regarding risk appetite limits could be translated into "What are you comfortable with?" or "How
much money are you ready to put at stake?"
Even if senior managers are often familiar with most of the risk language, many members of staff are
not. Translating technical terms into real life discussions is a powerful way to obtain relevant
information.
Leverage existing practices
Risk being a support function, it will be better accepted if it tends to adjust to business concerns
rather than the other way around. We believe that most successful, accepted and embedded risk
management practices are those embracing business priorities and preoccupations, rather than
trying to conform the business to the risk functions' views and concerns.
Operating an invisible framework requires advanced capabilities from the risk managers, not only in
their core risk discipline, but also in showing enough understanding of the business to put
themselves into the shoes of their counterparts and relate to their priorities.
For instance, the reason to fill in a risk register is not so much regulatory compliance as
protection of company assets, profit and loss objectives and strategy achievement. Scenario analysis
comes from the need to protect against large potential losses much more than from the need for
capital calculations. Compliance with regulations is important but should not be at the forefront of
the risk management argument. Protection of company assets and objectives is a better primary goal
of risk management.
Furthermore, the best way to integrate risk management into the processes is to operate a process
re-engineering. This aspect touches upon the large intersection between the six sigma methodology
and operational risk management at process level. Re-engineering processes - only when it is
necessary - is to reorganise the sequence of tasks and controls so that errors and incidents become
naturally less frequent. It is, in the words of James Reason, the author of Human Error, to adopt a
"system approach [that] concentrates on the conditions under which individuals work and tries to
build defences to avert errors or mitigate their effects". It is about setting up people for success
rather than failure.
Six sigma suggests the DMAIC approach: define, measure, analyse, improve and control. It is
time-consuming and heavily process based but can, in some instances, be greatly beneficial to the
business via process improvement and default reduction, improving productivity and reducing error.
Only the business has sufficient knowledge of its own processes and potential benefit to undertake a
six sigma review. The risk function, however, also needs sufficient understanding of the business
operations to support the initiative and evaluate its benefits.
Provide guidance and systems support
We all need to be willing and able to act; guidance is just as important as motivation and inspiration
in influencing behaviours. When risk specialists require the business to "monitor their risks" or
"assess their risks" without properly explaining what it means and how to do it concretely, and without
supporting them throughout the process, very little value is likely to come out of it.
In an invisible framework, the task of running workshops of risk identification, risk and control
self-assessment, and scenario analysis is not left to the business. These are facilitated by the risk
function - with the involvement of the business of course, but with sufficient guidance, preparation
and background information from the risk function.
Lastly, integrated technology, systems support and, in particular, a risk and incident reporting
structure are of prime importance in ensuring a seamless reporting process on incidents, risks and
controls. Here, again, any reporting and information requirements that leverage pre-existing uses by
the business are much more likely to be successfully adopted by the business, highlighting the
benefits of an invisible framework.
In conclusion, we believe that the risk function has a much greater chance of being accepted and
respected if it keeps the risk framework among its own preoccupations and interacts with the
business on its own ground, adopting its perspective and language without losing sight of the
ultimate goal of a safer business and operational excellence. By operating an invisible framework,
risk professionals can keep their technicalities to themselves and provide effective, value-adding
assistance to the business lines, improving buy-in, risk culture and compliance.
Dr. Ariane Chapelle is honorary reader at University College London in operational risk. She is
owner and director of Ariane Chapelle Consulting Ltd
Michael Sicsic is the chairman of ORIC International and group operational risk director at Aviva plc

Forklift Operations: Safety through Cartoons
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 

Building an invisible framework for risk management

Risk professionals need to alleviate the burden of the risk management framework on the business by operating an "invisible framework", allowing the management of risks in a more natural, implicit and proportionate way.
Recent years have seen the development of a multitude of risk management frameworks of all shapes, colours and forms, general or specific, complex, multidimensional or basic. In the face of the mounting jargon and technicality of the risk management profession, it is important to remember three fundamental roles of the risk function - none of them to do with vocabulary and techniques, or even with the management of risks.
Risks must be managed where they arise - that is, at the level of each operation or each transaction in the business. This is why we prefer the term "risk function" to "risk management", referring to an activity rather than a role: an activity to be carried out by the business.
Risk frameworks are technical structures helping risk professionals to understand how risks and controls do or should operate within an organisation, but frameworks do not need to be a preoccupation or a burden for the business.
Expertise and roles of the risk function
The risk function should fulfil three roles: (1) to assist in the definition of risk appetite for the business and the board; (2) to monitor the risk exposure within the risk appetite, and to own the risk management framework; (3) to challenge and to advise on strategic business decisions with regard to risk taking.
These three roles require expertise in conceptual and technical aspects of risk identification, assessment, mitigation and monitoring by risk professionals. They also need excellent knowledge of the regulatory demands and of the environment to ensure business compliance and, finally, they should understand the business's processes, its capacity, constraints and vulnerabilities.
Defining risk appetite
The first and most important role of the risk function is to set up a process allowing the business to define its risk appetite. The UK Corporate Governance Code states that "the board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives [and] should maintain sound risk management and internal control systems". The risk function has a key role to play in assisting the business and the board to comply with these requirements.
Defining a relevant, specific and actionable risk appetite requires a mature risk management process. Assessing the risks that a business is willing to take and maintaining "sound risk management and internal control systems" require identification of the key risks that may negatively impact the business objectives, the evaluation of the current exposure to these risks, and the definition of additional controls if this exposure is judged excessive.
Internal controls exist for the vast majority of risks that need to be mitigated. Alternative solutions relate to risk transfer using external insurance or other solutions, and avoidance - the most radical way of eliminating a risk by eliminating an activity.
In control design, proportionality is key: better risk management does not imply no risk or controls at all costs. Similarly, the best risk culture does not necessarily mean the biggest risk aversion. There is a need to balance risk exposure and the corresponding controls, with what they imply in terms of additional costs, constraints and slowed-down processes.
Internal controls are, of course, critically important; academic studies on 1,000 US financial institutions demonstrate that internal controls weaknesses are a strong determinant of the frequency of operational risk incidents. However, over-controlling small operations and petty issues may have hidden strategic costs in terms of opportunity loss and diminished strategic ambition.
By knowing the business processes and understanding risk assessment, the risk function can assist the business in defining and operating a successful risk appetite.
Monitoring risk exposure
Operating and monitoring compliance with a well-established risk appetite also relies on the definition of the outcome of the risk function, its role within the organisation and the ways to achieve these goals. It is the role of the risk function to provide a consolidated view of the risk profile of the business, and its responsibility to inform the executive committee about the degree to which the business is respecting - or breaching - risk limits.
These responsibilities require the risk function to have great visibility over the conduct of business operations, and great understanding of the risk drivers impacting the business and the possible metrics used to measure these risk drivers, in order to put in place a successful key risk indicator programme that will allow the proper monitoring of risk appetite.
Key risk indicators are an effective way of trickling down risk appetite to the level of operations, by aligning their threshold to the business priorities and the risk tolerance statements.
Risk monitoring is not limited to the everyday business process; it must extend to upcoming risks and threats, including those due to significant changes in the business environment, whether competitive, technological, regulatory, social or political. Constant monitoring of the regulatory environment, upcoming trends and points of attention from the regulator but also from the general public and the media can be of prime importance in early identification - and mitigation - of potential threats. Some organisations have therefore set up an "upstream risks" committee, in charge of the surveillance of every aspect of the business environment that may modify its risk exposure, and responsible for reporting these risks to the board.
Challenging and advising
The third role of the risk function is to act as a sounding board to the business regarding decisions that may change the risk profile of the institution. Such business decisions may concern new ventures, commercial accords or acquisitions, new products or new markets, investments or divestments.
To fulfil its role in challenging the business, the risk function needs to possess enough delegated authority to freeze business decisions that may either contradict regulatory requirements or upcoming possible regulatory scrutiny, or exceed risk appetite, without proper acknowledgment from the board.
Making the framework invisible
The roles and responsibilities of the risk function are thus important and complex, not least because of its transversal position across the organisation, having to co-ordinate various businesses and management personalities, convincing individuals as to the benefits of risk management.
We argue that risk professionals who are able to achieve these challenging objectives successfully are operating an "invisible framework".
What is an invisible framework?
An invisible framework is substance over form: the content and intent of risk management supersedes technical terms and tools, to reach a point where all staff manage their risk implicitly, as part of their day-to-day activities, without necessarily thinking about it.
Making the framework invisible implies that risk specialists reach sufficient levels of expertise and comfort in manipulating risk management concepts and techniques that they can communicate their requirements and priorities to the business without the burden of jargon and technique, effectively making the risk management framework "invisible".
Three attitudes will help companies to operate an invisible framework: using the language of the business; leveraging existing processes and practices; and providing guidance and using systems to collect and analyse information.
Use business language
Risk jargon is getting in the way of a constructive relationship between risk managers and business officers. There is no need to overload the business with specific risk language. It is an interesting challenge to talk about risk management without mentioning the term "risk". Without reaching this extreme, there are many ways to translate risk terminologies into concrete business-orientated questions.
"What are your key risks?" can, for instance, be turned into "What could happen that may impact the achievement of your objectives?" or "What are your main concerns for your business?" Scenario workshops could start with "What are the largest incidents you have experienced in the last few years?" and "What are the worst things that can happen to your business?" Discussions regarding risk appetite limits could be translated into "What are you comfortable with?" or "How much money are you ready to put at stake?"
Even if senior managers are often familiar with most of the risk language, many members of staff are not. Translating technical terms into real life discussions is a powerful way to obtain relevant information.
Leverage on existing practices
Risk being a support function, it will be better accepted if it tends to adjust to business concerns rather than the other way around. We believe that most successful, accepted and embedded risk management practices are those embracing business priorities and preoccupations, rather than trying to conform the business to the risk functions' views and concerns.
Operating an invisible framework requires advanced capabilities from the risk managers, not only in their core risk discipline, but also in showing enough understanding of the business to put themselves into the shoes of their counterparts and relate to their priorities. For instance, the reason to fill in a risk register is not so much regulatory compliance as protection of company assets, profit and loss objectives and strategy achievement. Scenario analysis comes from the need to protect against large potential losses much more than from the need for capital calculations. Compliance with regulations is important but should not be at the forefront of the risk management argument. Protection of company assets and objectives is a better primary goal of risk management.
Furthermore, the best way to integrate risk management into the processes is to operate a process re-engineering. This aspect touches upon the large intersection between the six sigma methodology and operational risk management at process level. Re-engineering processes - only when it is necessary - is to reorganise the sequence of tasks and controls so that errors and incidents become naturally less frequent. It is, in the words of James Reason, the author of Human Error, to adopt a "system approach [that] concentrates on the conditions under which individuals work and tries to build defences to avert errors or mitigate their effects". It is about setting up people for success rather than failure.
Six sigma suggests the DMAIC approach: define, measure, analyse, improve and control. It is time consuming and heavily process based but can, in some instances, be greatly beneficial to the business via process improvement and default reduction, improving productivity and reducing error. Only the business has sufficient knowledge of its own processes and potential benefit to undertake a six sigma review.
The risk function, however, also needs sufficient understanding of the business operations to support the initiative and evaluate its benefits.
Provide guidance and systems support
We all need to be willing and able to act; guidance is just as important as motivation and inspiration in influencing behaviours. When risk specialists require the business to "monitor their risks", or "assess their risks" without properly explaining what it means, how to do it concretely and support them throughout the process, very little value is likely to come out of the process.
In an invisible framework, the task of running workshops of risk identification, risk and control self-assessment, and scenario analysis is not left to the business. These are facilitated by the risk function - with the involvement of the business of course, but with sufficient guidance, preparation and background information from the risk function.
Lastly, integrated technology, systems support and, in particular, risks and incidents reporting structure are of prime importance to ensure a seamless reporting process on incidents, risks and controls. Here, again, any reporting and information requirements that leverage pre-existing uses by the business are much more likely to be successfully adopted by the business, highlighting the benefits of an invisible framework.
In conclusion, we believe that the risk function has a much greater chance of being accepted and respected if it keeps the risk framework among its own preoccupations and interacts with the business on its own ground, adopting its perspective and language without losing sight of the ultimate goal of a safer business and operational excellence. By operating an invisible framework, risk professionals can keep their technicalities to themselves and provide effective, value-adding assistance to the business lines, improving buy-in, risk culture and compliance.
Dr. Ariane Chapelle is honorary reader at University College London in operational risk. She is owner and director of Ariane Chapelle Consulting Ltd.
Michael Sicsic is the chairman of ORIC International and group operational risk director at Aviva plc.