AS ISO 31000:2018

Background

Organisations of all types and sizes face external and internal factors and influences that make it uncertain whether they will achieve their objectives.
Without risk, there is no reward. Too much risk can lead to business failure.
Risk management allows a balance to be struck between taking risks and reducing them.
Effective risk management can add value to any organisation.

Purpose

The purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives.

Risk Management Principles

Effective risk management rests on the eight principles listed below.
1 – Integrated – Risk management is an integral part of all organisational activities.
2 – Structured and Comprehensive – A structured and comprehensive approach to risk management contributes to consistent and comparable results.
3 – Customised – The risk management framework and process are customised and proportionate to the organisation’s external and internal context related to its objectives.
4 – Inclusive – Appropriate and timely involvement of stakeholders enables their knowledge, views and perceptions to be considered. This results in improved awareness and informed risk management.
5 – Dynamic – Risks can emerge, change or disappear as an organisation’s external and internal context changes. Risk management anticipates, detects, acknowledges and responds to those changes and events in an appropriate and timely manner.
6 – Best Available Information – The inputs to risk management are based on historical and current information, as well as on future expectations. Risk management explicitly takes into account any limitations and uncertainties associated with such information and expectations. Information should be timely, clear and available to relevant stakeholders.
7 – Human and Cultural Factors – Human behaviour and culture significantly influence all aspects of risk management at each level and stage.
8 – Continual Improvement – Risk management is continually improved through learning and experience.

Risk Management Framework

The purpose of the risk management framework is to assist the organisation in integrating risk management into significant activities and functions.
The effectiveness of risk management will depend on its integration into the governance of the organisation, including decision-making.
This requires support from stakeholders, particularly top management.
Framework development encompasses integrating, designing, implementing, evaluating and improving risk management across the organisation, illustrated below.

The organisation should evaluate its existing risk management practices and processes, evaluate any gaps and address those gaps within the framework.
The components of the framework and the way in which they work together should be customised to the needs of the organisation.

Risk Management Process

The risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk, illustrated below.

The risk management process should be an integral part of management and decision-making and integrated into the structure, operations and processes of the organisation. It can be applied at strategic, operational, program or project levels.
There can be many applications of the risk management process within an organisation, customised to achieve objectives and to suit the external and internal context in which they are applied.
The dynamic and variable nature of human behaviour and culture should be considered throughout the risk management process.
Although the risk management process is often presented as sequential, in practice it is iterative.