Fundamentals of Risk Management
Risk culture
of maturity in relation to risk management processes does not necessarily guarantee that a greater level of sophistication will be achieved, or that a higher level of benefits will be obtained. Nevertheless, achieving an improved level of risk maturity may be one of the strategic aims for risk management within the organization. If that is the case, an established framework for measuring risk maturity is required. It is important that the organization uses a risk maturity model that aligns with its own ambitions in relation to risk management maturity and provides a practical approach that can be embedded within the organization.

Figure 24.1 provides an interpretation of the level of risk maturity of an organization, based on the 4Ns model. The figure suggests that there is a relationship between whether behaviour is embedded or automatic on one hand against competent or desirable on the other. A naïve organization will automatically accept incompetent or undesirable behaviours. A novice organization will become aware that the behaviours are incompetent or undesirable and will have started to make an effort to improve behaviour, but it will not yet have achieved change. However, as change is achieved, it will move towards improved normalized behaviours.

[Figure 24.1 Risk maturity demonstrated on a matrix. Quadrants: Naïve, Novice, Normalized, Natural. Axis labels: Embedded or automatic, Intentional or deliberate; Incompetent or undesirable, Competent or desirable. Arrows: Improving behaviour; Increasing effort; Progress to more risk mature organization.]

The status achieved by an organization with the natural state of risk maturity is that competent or desirable behaviours will automatically occur, with little management effort or enforcement. The achievement at this point is to ensure that behaviours are also consistent. One of the primary reasons for producing risk management policies and procedures is to ensure that appropriate behaviours are consistently achieved. Ensuring consistent desirable behaviours is one of the primary objectives of a risk management initiative.

The normalized organization is successful in achieving competent or desirable behaviours, but these are not yet automatic. When the organization reaches the stage of being a natural in risk management, then the competent or desirable behaviours will become unconscious or automatic. This model provides a means of illustrating the four levels of risk maturity (4Ns) on a matrix and also indicates that the decline from natural behaviour back to naïve may be a short step for organizations that do not put sufficient effort into maintaining their level of risk maturity.

Several types of risk maturity approaches are in existence, including the Criteria of Control (CoCo) framework. The approach adopted by the CoCo framework focuses very heavily on the importance of risk maturity. The approach of this internal control framework is that if the risk culture and the risk architecture, strategy and protocols are correct then good levels of risk management and internal control will be achieved. Another risk maturity model that is frequently used is the European Foundation for Quality Management (EFQM) model.

Finally, the similarities between Figure 24.1 and 4.2 are worth considering. There is a need to inform a naïve organization and reform a novice organization. A normalized organization will conform with requirements and a natural organization will be successful and perform.