10 Questions to Evaluate Your Approach to Risk Oversight

July 24, 2017

Our latest includes the 2017 Global Risk Oversight Report published by the Association of International Certified Professional Accountants (AICPA) and the Enterprise Risk Management (ERM) Initiative at North Carolina State University. The report summarizes the perspectives of 586 executives in organizations around the world, and provides an overview of the current state of enterprise-wide risk oversight.

According to the report, due to the fast pace of change in the global business environment, more organizations are concluding that risk management, in its current form, is likely to lead to failure and significant missed opportunities. To help companies avoid this fate, the report identifies ten questions that boards of directors and senior executives can use to evaluate their overall approach to risk oversight.

Consider these questions for your own organization as well, to strengthen your understanding of the most critical risks:

1) If asked to describe the organization’s approach to risk management, what explicit processes would be highlighted? How would the description vary if individual members of the board or senior management are asked to respond?

2) Who among the management team would be viewed as the leader of the organization’s processes to oversee the risks on the horizon?

3) To what extent does management’s identification of key risks tend to focus on already “known” or well-understood risks? To what extent is the risk management process helping management identify “unknown but knowable” risks?

4) Is there a consensus view among the board of directors and senior management about what constitute the top 10-15 most important risks on the horizon for the organization?

5) How much is the information output generated by the risk management process used as an important input to the strategic planning process? That is, when evaluating strategic alternatives, does the strategic planning process evaluate the nature and extent of risks identified by the risk management process?

6) What do recent risk events experienced by the organization suggest about the effectiveness of the organization’s risk management processes?

7) To what extent are senior management and the board able to identify the organization’s current responses for the top 10-15 risks to the enterprise? How does management determine the effectiveness of those responses?

8) To what extent does management’s information dashboard include KRIs in addition to KPIs?

9) To what extent does the organization’s culture encourage the escalation of risk issues from middle management to senior management and the board of directors?

10) Where are the biggest vulnerabilities in the organization’s risk management processes?

Risk and return are connected, which is why companies should consider increasing investment in enterprise risk oversight. This will strengthen resilience and agility when navigating the complex risk landscape on the horizon, the report says. Read the full report to benchmark your risk oversight maturity and to learn more about opportunities to enhance the strategic value of enterprise-wide risk oversight efforts. Finally, consider the use of enterprise risk management software to facilitate and accelerate your risk oversight efforts.
