Some thoughts on best practice risk management

Risk management is simple.

It just takes 12 easy steps to achieve effective risk management in your organisation.

Truly.

So what is the simple 12 point method to best practice risk management.

But before we get to that, why is it important to be best practice risk management?  The primary reason is it provides management with the full understanding of the risks of the business and therefore should allow the business to make even more informed and balanced decisions.  You know when you have a great risk management framework when everyone in your business is talking risk and making considered decisions based on the risks.

Essentially a good risk management framework has the following key aspects:

  • A well understood view of the risks of the business;
  • A process of ongoing update of the risks but also some form of periodic review;
  • An analysis of other organisations events and incorporating them in your risk assessment process;
  • Reporting includes risks, events and key risk indicators (KRIs);
  • A process of root cause analysis such as using 5 Whys and Six Sigma techniques;
  • All business events cover who, what when and how;
  • Any actions that are required after an event are effectively managed;
  • Committees have an effective charter and accountability, and understand the risk appetite;
  • Committee actions are effectively managed;
  • Members of the committee attend all meetings; and
  • Risk owners present all papers.

Using these 12 key points and ensuring that the individuals in the organisation understand that the most important person in risk management is them, should provide your business with a great risk management framework.

Cheers,

More from the Reading Room

The Qantas privacy finding: a positive lesson in third-party oversight

A serious data breach does not automatically mean governance failed. The more important question is whether an organisation can demonstrate that it understood the risks,...

APRA’s CPS 230 Tweaks: Small Amendment, Big Governance Signal

APRA has released final targeted amendments to CPS 230 Operational Risk Management. The item is current and sits within APRA’s prudential framework, so boards and risk teams should treat it as a live governance and…

“Cheap and Out of Date”, a Board-Level Resilience Question

A practical risk maturity article using a current event to test ownership, evidence, controls, challenge and decision quality.

Everyone Passed. That’s Not the Point.

APRA's inaugural System Risk Stress Test found four major banks and six super funds individually resilient, but exposed concentration risk and a super-fund liquidity mechanism that could amplify a system-wide shock.