According to the ISO 31000:2009, principles risk management should be an integral part of organisational processes and decision making. Picking up on that important point, risk management should be seen as a management tool designed to improve planning, budgeting, performance management and other core business processes. Risk management also helps management to make more informed business decisions about achieving strategic or operational goals and sometimes may even highlight the need to change the strategy altogether due to an unacceptable level of risk.
Below are just some of the practical ideas to help integrate risk management:
- Document appetites / tolerances for different risk types in the relevant Board level policies and procedures instead of creating separate risk appetite statements;
- Identify significant risks and assess their impact on the Company’s business plan and budget;
- Run risk simulation to determine realistic strategic or operational KPI values;
- Run risk simulation to determine key budget constraints;
- Integrate risk analysis into key management, investment and project decisions;
- Remunerate management based on risk-adjusted performance measures.
Effective risk management increases management confidence in achieving objectives, reduces uncertainty and helps make informed, risk-based decisions. In this section, we provide examples of how risk management can be integrated into:
- Strategic planning;
- Performance management;
- Decision making.
DOWNLOAD THE FREE RISK MANAGEMENT BOOK: https://www.risk-academy.ru/en/download/risk-management-book/
Watch more free risk management videos on http://www.risk-academy.ru/en/risk-management-video/ or subscrive to RISK-ACADEMY youtube channel https://www.youtube.com/user/alexausrisk
One thought on “How to move from risk management to risk-based management”
Innovation is an obvious process where you can and should integrate risk. It is inherently risky and is gaining high visibility in organisations as they seek ways to fend off disruptors and be less reliant on specific sectors/products. It is typically an activity where you may find a gap in terms of risk appetite parameters not being clear. Do not do as I initially did and define a separate appetite statement but integrate the parameters into the innovation strategy/policies. Appetite can be defined in terms of desired % split of core, adjacent and new initiatives. Risk can be integrated into the evaluation process relating to an initiative via having a stage gate phased approach to the evaluation and weaving risk mgt process considerations into the phases. Rgs