Risk management is ultimately about creating a culture that would facilitate risk discussion when performing business activities or making any strategic, investment or project decision.
In this free book, Alex Sidorenko and Elena Demidenko talk about practical steps risk managers can take to integrate risk management into decision making and core business processes. Based on our research and the interviews, we have summarised fifteen practical ideas on how to improve the integration of risk management into the daily life of the organisation. These were grouped into three high-level objectives: drive risk culture, help integrate risk management into business and become a trusted advisor.
The three key takeaways from the book include:
- Risk management is not just about tools and techniques; it is about changing the corporate culture and the mindset of management and employees. This change cannot happen overnight, risk managers need to start small by embedding elements of risk analysis into various decision-making processes, expanding the scope of risk management over time.
- It is vital to break the status quo where risk management is seen as a separate and independent activity. Instead, risk managers should integrate risk management into all core business activities. This can be achieved by integrating risk analysis into decision-making processes, assisting management in evaluating projects and strategic initiatives with the use of risk analysis tools, integrating risk management into strategic planning, budgeting and performance management, incorporating responsibilities in job descriptions, providing management training and etc.
- Risk managers should strive to become advisors to senior management and the Board. Advisers that are trusted and whose recommendations are listened to. To achieve this, risk managers may need to break away from traditional models like “3 lines of defense” and instead choose to actively participate in the decision making, take ownership of some risks and provide an independent assessment of risks associated with important business decisions, maybe even veto some high-risk activities.
This document is designed to be a practical implementation guide. Each section is accompanied by checklists, video references, useful links and templates.
This guide isn’t about “classical” risk management with its useless risk maps, risk registers, risk owners or risk mitigation plans. This guide is about implementing the most current risk analysis research into the business processes, decision making and the overall culture of the organization.