Fundamentals of Risk Management


Download 3.45 Mb.
Pdf ko'rish
bet290/445
Sana02.06.2024
Hajmi3.45 Mb.
#1833791
1   ...   286   287   288   289   290   291   292   293   ...   445
Bog'liq
Fundamentals of Risk Management

Risk culture 
296
The quality of a risk management policy and details of the requirements and pro-
cedures contained in the risk guidelines or protocols will give an indication of the 
risk culture of the organization. For many organizations, improvement in the risk 
culture is a valid strategic risk objective. This will be especially true when areas of 
weakness in the level of risk awareness have been identified.
When undertaking actions to improve the risk culture within an organization,
it is important to acknowledge that improving the risk management processes must 
lead to improvements in risk management outputs. This, in turn, should have a positive 
impact that delivers greater benefits from risk management.
There is little point in improving the risk management processes as a means of 
improving the risk culture of the organization if the overall effectiveness of the risk 
management effort is not enhanced. There is a danger that enhancing and improving 
the risk management process in an organization is automatically assumed to have 
improved the risk culture.
It is possible for the risk management process to be enhanced without the risk 
culture of the organization being improved. For example, a more aggressive internal 
audit programme may improve compliance standards, but that does not guarantee 
that the risk culture of the organization has been enhanced. Improvements to the risk 
management process may not deliver any additional benefits, whereas improvements 
to the risk culture should be expected to provide an enhanced level of risk assurance.
ISO 31000 places considerable importance on context, and this is illustrated in 
Figure 6.4. Information is provided in the standard on the importance of the external 
context, internal context and risk management context for the organization. Context 
is closely related to risk management culture and the benefits that will be derived 
from enhanced risk management within the organization.
The Canadian Criteria of Control (CoCo) framework of internal control concen-
trates on the control environment in an organization. Additionally, the COSO ERM 
framework (2004) refers to the internal environment of the organization, rather than 
the control environment that is described in the COSO Internal Control framework 
(2013). The control environment and the internal environment are measures of the 
risk culture and the level of risk awareness within the organization.
An overall improvement in risk performance will be achieved through improvements 
in the internal context, risk management context, control environment or internal 
environment. The level of risk maturity, the achievement of a risk-aware culture and 
the fulfilment of the LILAC criteria set out in Table 24.3 are all means of improving 
the control or internal environment.
During the 1990s, a system called the balanced scorecard became a popular manage-
ment tool. This is a management system that enables organizations to clarify their 
vision and strategy and translate them into action. Many large organizations use 
balanced scorecards as a means of establishing context for the various initiatives that 
are undertaken within the organization. The government agency used as the basis for 
Figure 28.2 is an example of an organization that uses the balanced scorecard.
If an organization uses the balanced scorecard, it is sensible to use the same frame-
work for risk management activities. When risk management processes and procedures 
are compatible with existing activities, the risk management requirements are more 
likely to be accepted and fulfilled. This represents an alignment of risk management 
activities with existing protocols, in order to embed risk management in the organ-
ization and create a more risk-aware culture.



Download 3.45 Mb.

Do'stlaringiz bilan baham:
1   ...   286   287   288   289   290   291   292   293   ...   445




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling