Embedding Sound Risk Management Practices into an Organization - Slide 3

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6
Next Embedding Sound Risk Management Practices into an Organization-3 Next

Support and buy-in from senior management are critical to drive ownership and embed risk management. Executive-level training in the form of “know your responsibilities” is a useful mechanism to help management understand their risk responsibilities and those of their staff.

Determining an organization’s approach to risk management and monitoring its risks are often the responsibilities of a core team of individuals. While these individuals can develop effective policies, procedures and frameworks to help direct the organization’s risk management strategy, responsibility for the execution of sound risk management activities and the operation of key control points fall on a the wider employee base as part of their day-to-day activities. It is the line managers, traders, accounts payable clerks, stock managers, brokers and many other professionals who must maintain the key controls that help mitigate risks to the organization.

Within many organizations, individuals operate these controls and mitigate these risks, but do so subconsciously as part of their general activities. When individuals are required to change practices to mitigate potential risks or are required to start formally attesting to controls they operate, little support or advice may be provided and resistance can build up. Without an effective training program to help explain the value of risk management and support business users in their individual responsibilities, risk management becomes an ancillary function rather than one that is embedded into daily business activities.

Embedding risk management into the day-to-day running of an organization and driving individuals to consider the risk of their actions are key to the implementation of a successful enterprise risk management (ERM)  program. Like any type of change, users need to be helped through any transformational activities to understand the value of their actions or why change is required. Therefore, training becomes highly important. The challenge to delivering an effective training program is meeting the needs of a wide range of individuals who often are at different grades or levels within the organization but, in many cases, have the same risk responsibilities.

To successfully deliver a risk and control awareness campaign and truly embed risk management within an organization, Protiviti suggests following these core principles.

More Slideshows:

Seven Video Resume Tips for Job Seekers Tips for job seekers looking to add a video component to their job search.

10 Top Google Apps for Project Management 10 of the highest-rated apps for project management from the Google Apps Marketplace.

Top Five Rules for E-mail Etiquette Follow these simple rules to help you avoid looking like an amateur in the world of e-business communication.


Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

More Slideshows

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

IT_Man89-290x195 9 Tips for Running a 'Tween' Company

Advice and tips for entrepreneurs and companies that are no longer startups but not quite ready for an IPO, also known as "tweens." ...  More >>

IT_Man88-190x128 Top 5 Trends Affecting Women-Owned Micro Businesses

Learn more about the challenges and opportunities presented to women leaders, especially micro-business owners. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.