Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Future of risk management
|
Alternative approaches
113 It is under Clause 8 in the new format that the familiar steps of the risk management process would be included for organizations that decide to adopt the structure of Annex SL when implementing an enterprise risk management initiative. Future of risk management The emerging trends in risk management have been mentioned throughout the book. The development of international risk management standard ISO 31000 is undoubtedly an important step forward for risk management practitioners. The emergence of enhanced corporate governance codes has also added profile to the practice of risk management in many countries. The effects of the global financial crisis are still being felt and questions are still being asked of risk management and why it did not contribute more to the avoidance of this crisis. Other important trends include the development of enhanced reporting require- ments that are being placed on organizations of all types. This is especially true of organizations that are listed on stock exchanges around the world. Risk management information systems are becoming more developed and sophisticated and can offer a significant benefit to organizations that use them. Despite all of these developments and the undoubted increasing professionalism and competence of risk management practitioners, there is still scope to ask questions about future developments in risk management. The emergence of ‘governance, risk and compliance’ (GRC) has been mentioned and it represents a major step forward in the structure of risk management activities. The emergence of GRC, together with a better understanding of the benefits of the three lines of defence, has put organizations in a better position to practise risk management. Risk management practitioners realize that their discipline makes a major contribution and they are also aware that risk management activity should be integrated with other management activities. In some cases, there is every danger that risk management activities will become integrated with audit activities, and these three lines of defence then become the two lines of defence. There is a need for organizations to integrate risk activities throughout the whole of their organizations, rather than treating risk management activities as a separate management role that requires separate management information. Perhaps this is one of the major disadvantages of the use of the risk register in many organizations. The risk register is a snapshot of risk management activities in the organization, but the risk is that it is not reviewed on a continuous basis. The risk register is often a static document that does little to add benefit to the management of the organization. Perhaps the time of the risk register has passed, and organizations should now be integrating risk assessment, risk recording and risk action plans within the manage- ment information that is used for the day-to-day management of the organization. In summary, the challenge for risk managers and risk management is to keep risk management activities proportionate, aligned, comprehensive, embedded and dynamic (PACED). However, the challenges of doing this are becoming greater as boards, executive management, managers and staff become more familiar with the theory and application of risk management. The challenge is to ensure integration of these activities, without them becoming so routine that the importance of risk |
