We support your board and risk committee with risk governance.
We go beyond traditional risk analysis to include the involvement and participation of various stakeholders, as well as consideration of the broader context in which a risk is evaluated and managed. Risk Governance is the architecture within which risk management operates in your organisation. It reflects, sustains and evolves your organisation’s risk culture. Since risk management is fundamental to running your business, risk governance should be a fundamental part of your corporate governance. Risk Governance refers to the institutions, rules, conventions, processes and mechanisms by which decisions about your risks are taken and implemented. This encompasses responsibility throughout the organisation: how the whole organisation is directed, controlled and held accountable to achieve its core purpose over the long term.
Risk governance is a fundamental component of corporate governance.
Why Risk Governance?
If your organisation is implementing new services, launching new products or adapting to new trends, you will be introducing risk to your organisation. Projects create risk – it is not necessarily a bad thing, but it should be appropriately managed.
Generally, project teams are at the forefront of identifying, mitigating and managing risk. Their horizon scanning spots the risks, and then as part of the project, they determine how best to address them, all with support from the project sponsorship and executive management. Project managers and their teams will be familiar with the idea of a risk log and regular meetings to discuss progress on risk management activities.
However, sometimes risks to the organisation can be so significant that it is appropriate to convene a separate governing body to oversee the management activities relating to risk. This is risk governance.
Risk governance committees help define and identify which risks are present, as well as the opportunities that the corporation may not have adequately tracked. The committee also sets risk management policy and oversees the way in which risks are managed.
The Value Propositions
Multiple and complex project dependencies.
When the interdependencies weave between multiple projects, there certainly exists a reason to ensure your risk governance approach is acceptable.
Organisations should convene a specific group of specialists who are tasked with the job of monitoring and controlling the risk exposure from the portfolio. Their role includes examining probabilities and mitigating actions to minimise the impact and exposure on the business. Whether this group is a stand-alone executive sub-committee, another qualified group, a fundamental part of your risk governance model, or something else will depend on your organisation’s approach to risk management.
A dedicated committee of people with the specialist knowledge to be able to respond to volatile risks in a complex environment will be able to bolster the risk management activities of individual project teams.
You have a lot of projects that are high risk.
There is probably limited value in putting together a dedicated group to manage the governance of risk across a small exposure, even if the potential for risk within each individual project is high. In a business with a risk culture that results in many high-risk projects, there’s more value in ensuring that, together, the exposure to the business does not exceed what executives are prepared to tolerate. If a large portion of your portfolio is high-risk projects, then that is another reason to consider a separate governance strand for risk.
You have significant assets invested in a small number of projects.
There’s value in taking control of your risks when you have a large portion of your organisation’s assets tied up in a small number of projects. Should there be difficulties with just one or two of those projects, major difficulties for your business could be created.
Once those rules are in place, you can readily convene an appropriate risk governance group. You can also link them in with the corporate governance framework for risk, providing an interface between the project and the wider risk appetite and culture in the business.
Better risk governance implies enabling organisations to benefit from change, while minimising the negative consequences of the associated risks.
How We Do It
We apply the principles of quality governance to the identification, assessment, management, and communication of risks. This supports the formal structure used to support risk-based decision making and oversight across all operations of an organisation. We involve your board, board committees, delegations, management teams and related reporting. Then we design the governance structure to fit your organisation’s size, organisational structure and the complexity of your operations.
We are a specialised risk management consultancy implementing the latest technologies and best practices for businesses to manage their risks, build their business resilience and accelerate their growth.
Our risk governance process is a comprehensive approach to help understand, analyse, and manage important risk issues for which there are deficits in risk governance structures and processes. The process comprises five linked phases: pre-assessment, appraisal, characterisation and evaluation, management, and communication. These interlinked phases provide a means to gain a thorough understanding of a risk and to develop options for dealing with it. A risk governance framework can contribute to the development of more inclusive and effective risk governance strategies.
Removes silos from the risk management process.
Risk governance is integral to a corporation's complete process of governance. An assumption of a robust governance practice is that an effective risk management process exists that can ensure that the plethora of corporate compliance risks is addressed by considering all the areas of risk. It ensures vertical and horizontal integration of the risk management process.
Helps develop vision to view risks in a holistic manner.
Risk governance is approached in a predominantly top-down fashion (that is, examining risks from the senior executive and board of directors' perspective). This is different from the ERM view, which is more of a "top-down-directed" but "bottom-up-implemented" approach that views risks from the line manager's perspective.
Central policy and decision making ensures uniformity.
Risk governance is typically implemented through a set of organisational structures, procedures, and measures. Many businesses have organised a risk governance committee that reports to the CEO, but also is accountable to the board of directors. Risk governance committees help define and identify which risks are being taken, as well as the opportunities that the corporation has not adequately pursued. The committee also sets risk management policy and oversees the way in which risks are managed. Finally, the committee ensures that all four points listed above are correctly implemented.
Promotes the CIO in managing risk, considering the pervasive nature of IT.
Many risk governance-related risks have now fallen directly into the CIO's sphere of control. While not every IT risk is a governance risk, almost every governance risk involves IT. The reasons are plain. IT is pervasive in corporations, touching on almost everything they do. Financial results depend on IT systems to generate them. A corporation's operations, products, and services likely depend on IT. The misuse or unavailability of IT can have serious legal, let alone financial, consequences for the corporation.