For organisations to act consistently, to have common understanding of the significance of risks, they need to know what to do and when.
A risk management framework sets out the rules of the game. A really good risk management framework integrates risk into decision-making, enables greater levels of co-operation and ultimately, helps the organisation get greater rewards from their risk exposures. Senscia can help write such frameworks for you, based on international standards and strong experience.
Some organisations may have been doing risk management for a while, yet the benefits are not what they should be. There is a disconnect between business divisions and the risk management team. You have a feeling that you can do better but you aren’t sure how.
We can provide an evaluation of your risk management activities making informal benchmarks against current best practices. Not only that, we can help devise practical roadmaps for improving your risk management function, providing a strategy to go before top management and supervisory boards.
What appetite do you have for the risk of a complete failure of your core data processing facility, or for the death of an employee?! Everybody knows that they are supposed to have these statements but in practice, even the organisations that do have them, wonder what they are for and what meaningful difference they make.
Assuring Regulators, Board Members and Shareholders that you have a reliable means of understanding and controlling your organisation’s response to the simple question: have we got the right balance between risk and reward in our activities? – is the key value-driver in the ERM proposition.
Being able to write risk appetite statements that allow the Board to purposely direct risk exposure, whilst at the same time allowing managers to define concrete parameters to limit operational risks, takes time and thought. Time which many CROs simply do not have.
There are two distinct problems, which every CRO has to face up to at some point in time. The first is how to create a method in which any member of the organisation can assess a risk, or look at a risk report and come to a consistent understanding of the meaning of the risk rating that is applied.
If a risk is called “Low”, then just how much worse is a risk that is labelled “Medium”? What sense of urgency or priority should be put into dealing with that?
Many CROs complain that people in their organisations read risk reports and do not act. This is often an indication that there is no sense of the ‘scale of risks’, that risk labels are not meaningful. Being able to confidently recognise the importance of the likelihood/ probability of a risk event happening and the consequent size of impact, is a fundamental part of the effectiveness of any risk management activity. How good are your scales, how easy are they to work with, how closely do they match the intuition of your business leaders?
The second key issue for the CRO, is being asked, “How do you know this is everything?” when making a risk report. What confidence do you have that all relevant risks have been given appropriate consideration? Did something get overlooked that is going to come back and bite you later on?
Having a defined Risk Map, or Risk Universe can help with this challenge. Drawing out a list of exposures that affect your organisation’s structure, processes, internal and external forces for change, your assets and services, markets and governance requirements, in tactical and strategic timeframes – such a map can help top management make sense of the context of individual risks. Senscia can help you define Risk Maps that become the “AHA!” moment when presented to top management, the occasion when risks start to be recognisable and coherent.
Any mature and effective risk management programme will need to design strong risk dashboards, to write risk reports that grab attention and drive action, to use risk metrics like KRIs to track risk trends and set threshold alarms. Senscia can listen to your organisation’s way of doing business then draw upon it’s extensive KRI portfolio, to help you quickly work out how to signal to management how close you are coming to the limit of your control capabilities.