Change is not easy for many people or organizations. The discipline of risk management provides techniques to facilitate change.
Risk management is often misunderstood as time-consuming, impractical, or difficult, or perceived as a functional compliance duty. The need for risk management is downplayed by the absence of evidence (of risks); however, absence of evidence does not mean evidence of absence (of risks). Although risk management facilitates, rather than encumbers, the achievement of objectives, it is rarely pervasive in the organizational culture and in the decision-making process.
The quality of the risk management process is a reflection of the management team's and the Board's risk appetite, their tolerance for uncertainty, and the pressure for results.
What does a robust risk assessment framework look like?
The purpose of establishing thresholds is to ensure that risks are not over- or under-managed and that the organization’s resources are effectively utilized. Reducing risk involves costs; the lower the risk threshold, the higher the cost. A lack of upper thresholds signals inadequate protection and exposure to unacceptable losses that impact the organization’s ability to meet its objectives.
The Board and senior management have a shared responsibility to nurture a risk-aware culture that encourages prudent risk-taking within established risk thresholds.