Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Measuring risk culture
|
Risk-aware culture
295 The embedding of risk management into the organization has been undertaken by following three routes: a risk awareness campaign, the implementation of new risk identification processes at directorate level, and the ongoing development of existing risk processes at a strategic level. The primary aim of the awareness campaign was to make staff realize their responsibilities towards risk, whilst at directorate level the introduction of risk registers has been collaborative and inclusive. Strategically, further development of the corporate risk register aims to bring tighter control of risk and provides comprehensive evidence and assurance to the board that risks are managed. risk awareness campaign investigating incidents, management should demonstrate care and concern towards employees. Employees should feel that they are able to report issues and concerns without fear that they will be blamed or disciplined personally. A risk-aware culture requires good communication of risk information from senior management. Good communication also requires that reports from all employees, as well as reports from outside the organization, are welcome and well received. Information on risk performance should be included in the communication activities. Measuring risk culture It can be difficult for an organization to measure risk culture. However, the risk culture of the organization is so important that measurements need to be taken. Audit committees will often ask how seriously a department or location takes risk management. In general, it will be easy to answer this question on a qualitative basis. However, quantitative measurements are required, so that areas of weakness can be identified and improvement actions planned. The Canadian Criteria of Control (CoCo) framework represents a means for measuring the risk culture of the organization. Another measure of the risk culture is that the audit committee seeks to evaluate the level of risk assurance that is available from the particular unit or division under consideration. Another means of measuring risk culture is to look at the level of risk maturity within the organization. A later section of this chapter considers risk maturity models in more detail. Quantitative measures that indicate the level of risk maturity can be taken and areas for improvement can then be identified. The box below provides an example of risk awareness and the embedding of risk management into the culture of an organization. |
