Alex Sidorenko from RISK-ACADEMY talks about documenting and publishing a risk management policy. It is generally considered a good idea to document an organisation’s attitude and commitment to risk management in a high-level document, such as a Risk Management Policy. The policy may describe the general attitude of the company towards risks, risk management principles,… Continue reading 39. Is risk management policy useful? – Alex Sidorenko
The G31000 Risk Management maturity model is designed to assist organizations on the road to embed risk management into all activities throughout the organization, including decision-making. It defines levels of maturity against which an organization can measure its current status and identify actions for continual improvement. The overall scoring system is based on a detailed questionnaire linked directly to identified sub-components for all the elements of the risk management framework and is mapped to a 3-level risk maturity scale.
Risk managers should encourage employees to openly raise risk management related issues. This is possible by spending a considerable amount of time every day communicating with their colleagues and staying up-to-date on the latest developments and emerging risks or failures in the internal control system. Share the risk manager’s contact information with employees or provide… Continue reading Practical ideas: Reinforce the “no blame” culture
Most of the risk managers we have interviewed agreed that having a management level Risk Management Committee has a significant positive effect on the overall risk management culture. While the composition of the Risk Management Committee can vary from company to company, it should be sufficiently representative to ensure different points of view on risk… Continue reading Practical ideas: Consider establishing a Risk Management Committee at the management level or extend the mandate of the existing management committee
Most risk managers think they are doing a great job. But how can you actually tell? To add to the challenge, despite the guidance provided in ISO 31000:2009, the concept of risk management effectiveness still remains a bit vague. Who can audit or validate your risk management effort to say whether it’s good or not?… Continue reading FREE WEBINAR: Is your risk management truly effective? Auditing risk management in 4 simple steps
A while back I recorded a short video on the topic of risk management organizational structure in a non-financial company. In the video I discussed various options for risk manager’s place in the overall organizational structure. Since there is really no single right answer, the few common options include: reporting directly to the CEO, reporting… Continue reading 5 reasons why internal audit may be the best place for the risk manager to sit