Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
Risk culture
322 Risk information on an intranet Risk information can be made available to stakeholders by a variety of means. Many organizations produce brief guides and leaflets for stakeholders to communicate the current risk issues and concerns. The appropriate means of communication will vary according to the nature of the stakeholder and the nature and complexity of the message to be communicated. Formal means of risk communication exist where the organization has to report to financial stakeholders. When risk communication is required, a range of communi- cation techniques can be used. A formal report to the stock exchange or to other financial stakeholders may be backed up by an informal video, slide presentation and/or a telephone conference call, as appropriate. There is often an additional means of risk communication available to organiza- tions. Many organizations have developed an intranet for use by staff and this can be used to cover risk and risk management information. For many large organizations, it is common for the intranet to be used to communicate health and safety informa- tion and business continuity plans. Information can be provided on the intranet about the generic risk assessments that have been undertaken and the control measures that have been identified. The intranet can also be used to communicate urgent risk information, as well as providing updates on risk assessments, control measures and the current level of any particular risk. An important consideration in the collection, retention and supply of risk infor- mation is that it should be aligned with other management information systems within the organization. Providing risk information as a separate management infor- mation stream is likely to result in risk management activities failing to be aligned or embedded within other activities. The danger that risk information will become irrelevant to managers in the organization is greater when the organization has a dedicated risk management information system (RMIS). The first reason an organization needs a risk language is to underpin its risk culture. Everyone in the organization has a role in an effective risk management process. Most organizations have many layers (eg executives, line managers and employees) and ‘silos’ (eg technology, treasury, operations, quality management and compliance). A common language is needed to cut through the layers and break down the silos. Conversely, without a common language, the risk management team will spend too much time resolving communication issues at the expense of their primary responsibilities. Common language of risk |
