Putting risk in the comfort zone | Deloitte | Governance Risk Compliance | Article
Putting risk in the comfort zone
Nine principles for building the Risk Intelligent Enterprise™
Risk is often thought of in terms of threats — bad things happening to your business. But risk also has a positive side, one that applies to value creation and risk taking for reward.
Introducing new products, entering foreign markets, acquiring competitors, forging partnerships — all are challenging endeavors, and if you don’t properly manage the associated risks, you may not reap the potential rewards.
Nine fundamental principles of a Risk Intelligence program
- In a Risk Intelligent Enterprise, a common definition of risk, which addresses both value preservation and value creation, is used consistently throughout the organization.
- In a Risk Intelligent Enterprise, a common risk framework supported by appropriate standards is used throughout the organization to manage risks.
- In a Risk Intelligent Enterprise, key roles, responsibilities, and authority relating to risk management are clearly defined and delineated within the organization.
- In a Risk Intelligent Enterprise, a common risk management infrastructure is used to support the business units and functions in the performance of their risk responsibilities.
- In a Risk Intelligent Enterprise, governing bodies (e.g., Boards, Audit Committees, etc.) have appropriate transparency and visibility into the organization’s risk management practices to discharge their responsibilities.
- In a Risk Intelligent Enterprise, executive management is charged with primary responsibility for designing, implementing, and maintaining an effective risk program.
- In a Risk Intelligent Enterprise, business units (departments, agencies, etc.) are responsible for the performance of their business and the management of risks they take within the risk framework established by executive management.
- In a Risk Intelligent Enterprise, certain functions (e.g., HR, finance, IT, tax, legal, etc.) have a pervasive impact on the business and provide support to the business units as it relates to the organization’s risk program.
- In a Risk Intelligent Enterprise, certain functions (e.g., internal audit, risk management, compliance, etc.) provide objective assurance as well as monitor and report on the effectiveness of an organization’s risk program to governing bodies and executive management.