Fundamentals of Risk Management


Download 3.45 Mb.
Pdf ko'rish
bet289/445
Sana02.06.2024
Hajmi3.45 Mb.
#1833791
1   ...   285   286   287   288   289   290   291   292   ...   445
Bog'liq
Fundamentals of Risk Management

Risk-aware culture
295
The embedding of risk management into the organization has been undertaken by following 
three routes: a risk awareness campaign, the implementation of new risk identification 
processes at directorate level, and the ongoing development of existing risk processes at
a strategic level.
The primary aim of the awareness campaign was to make staff realize their responsibilities 
towards risk, whilst at directorate level the introduction of risk registers has been collaborative 
and inclusive. Strategically, further development of the corporate risk register aims to bring 
tighter control of risk and provides comprehensive evidence and assurance to the board that 
risks are managed.
risk awareness campaign
investigating incidents, management should demonstrate care and concern towards 
employees. Employees should feel that they are able to report issues and concerns 
without fear that they will be blamed or disciplined personally.
A risk-aware culture requires good communication of risk information from
senior management. Good communication also requires that reports from all 
employees, as well as reports from outside the organization, are welcome and well 
received. Information on risk performance should be included in the communication 
activities.
Measuring risk culture
It can be difficult for an organization to measure risk culture. However, the risk
culture of the organization is so important that measurements need to be taken. 
Audit committees will often ask how seriously a department or location takes risk 
management. In general, it will be easy to answer this question on a qualitative basis. 
However, quantitative measurements are required, so that areas of weakness can be 
identified and improvement actions planned.
The Canadian Criteria of Control (CoCo) framework represents a means for 
measuring the risk culture of the organization. Another measure of the risk culture 
is that the audit committee seeks to evaluate the level of risk assurance that is
available from the particular unit or division under consideration.
Another means of measuring risk culture is to look at the level of risk maturity 
within the organization. A later section of this chapter considers risk maturity models 
in more detail. Quantitative measures that indicate the level of risk maturity can be
taken and areas for improvement can then be identified. The box below provides an 
example of risk awareness and the embedding of risk management into the culture 
of an organization.



Download 3.45 Mb.

Do'stlaringiz bilan baham:
1   ...   285   286   287   288   289   290   291   292   ...   445




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling