The importance of risk management
According to the Institute of Internal Auditors of Spain, organisations require resilience and growth to navigate the crises that occur globally. It is in this context that risk management is born, with the aim of providing a tool to retrieve the necessary information on the main risk events within companies.
Risk management is a very important front within the organisation, defined by ISO 31000:2018 as all those activities implemented to direct and control the organisation with regard to risk. In broad terms, it is about identifying, assessing and reporting the risks encountered in the business or operation. However, risk management is not just a technical process within the company; it has a much deeper meaning.
Risk management is about exercising professional judgement in day-to-day activities to detect, in a timely manner, those areas where measures should be put in place to decrease the severity of a risk event. But how do you know that such a tool exists, or what relevance it has?
Risk experts should be involved in this activity. Their task is not only to accompany the identification and evaluation of possible risks within each of the disciplines that make up the company, but also to instruct those disciplines and make them aware of a risk culture.
The role of risk owners
Risk culture is, in a nutshell, those guidelines or directives within the corporate culture that are intended to govern the risk management process.
Risk owners are a key part of the process, as they are the ones involved in the day-to-day running of the operation and who might therefore observe some relevant element to be addressed within the risk management process. Going a little further, risk culture is necessary within the whole company.
With this in mind, we are much more aware that risk owners are those who actively participate in each of the multidisciplinary areas of the company, working in areas such as accounting, technology, communication, etc.
They must be aligned with the corporate risk culture, as well as have sufficient training and tools to identify any threats or opportunities that arise.
Pillars for a Risk Culture
The risk culture has different pillars. The first, and the starting point for everything, is the set of guidelines that oversee the process, both in form and substance; these are the solid foundation for the subsequent activities. To drive this, there must be leadership that carries all the instructions through to the key elements in each area, a vision focused on continuous improvement, and an important commitment to constant training. Now a big question arises: how is all this implemented? There is quite an extensive list of activities that can be carried out; however, there are four areas that can be of great help:
Continuous improvement: one of the initial objectives of risk management is that all parties and information involved are of the highest quality, since the information must be timely and serve as a reference for decision making. However, excellence should not be expected overnight. The expert and coordinator of the process should establish standards and socialise them with all involved, through training and constant communication, to guide expectations.
Periodic accompaniment: risk owners have a major role in this process, since they are the ones who must replicate best practices and identify threats or opportunities within the business. The risk coordinator should therefore keep in mind that managers should not be left alone in the process; on the contrary, initiatives should be implemented to sensitise managers more and more, such as talks, workshops, training, bringing in external referents from the sector, etc.
Communication and positioning: this element should not be limited to direct communication with risk owners. Many tools can be found to implement communication on risk culture. Seek or establish forums where the risk coordination function is positioned and where it can explain how it adds value within the company, so that it does not appear to be an isolated function but is seen as what it is: a function associated with the strategy, with the goal of implementing measures to anticipate unfortunate events as well as mapping business opportunities.
Follow-up on expectations: once the seeds have been sown, the process must be monitored to ensure that the seedlings grow as expected, making the necessary adjustments to bring about the projected quality.
It should be noted that all these initiatives must always be accompanied by an ethical, proactive and professional attitude, since, as risk coordinators, the main task is to guide a risk process aligned to corporate guidelines.
Conclusions
Risk management is not only about implementing risk identification and risk assessment; it must also involve employees so that they acquire a risk perspective strong enough to obtain a solid risk management model. Risk owners are a key part of this process and must therefore have the necessary support to become aware of the regulations, while also bearing a great responsibility to identify and discern the events that should be part of the process.