According to the ISO 31000:2018 principles, risk management is an integral part of all organizational activities and decision making. Picking up on that important point, risk management should be seen as a management tool designed to improve planning, budgeting, performance management and other core business processes. Risk management also helps management to make more informed business decisions about achieving strategic or operational goals, and sometimes may even highlight the need to change the strategy altogether due to an unacceptable level of risk.
Below are just some of the practical ideas to help integrate risk management:
- Document appetites / tolerances for different risk types in the relevant Board level policies and procedures instead of creating separate risk appetite statements;
- Identify significant risks and assess their impact on the Company’s business plan and budget;
- Run risk simulations to determine realistic strategic or operational KPI values;
- Run risk simulations to determine key budget constraints;
- Integrate risk analysis into key management, investment and project decisions;
- Remunerate management based on risk-adjusted performance measures.
Effective risk management increases management confidence in achieving objectives, reduces uncertainty and helps make informed, risk-based decisions. In this section, we provide examples of how risk management can be integrated into:
- Strategic planning;
- Performance management;
- Decision making.