Improve your grip on risk governance

Recent years have severely tested risk governance and risk management capabilities at most organizations. Given the impacts of the Covid-19 pandemic and various cyberattacks, weather events, and political and social developments, it’s a wonder that risk managers and the executive teams and boards who oversee them can keep pace with the challenges they face. In fact, some have not kept pace; others have been led to question their approaches to risk.

Under these circumstances, senior executives and boards often need to improve their grip on risk governance, which sets the tone for and oversees risk management. This does not necessarily mean either tightening or loosening your grip on governance. It means establishing and maintaining optimal risk governance.

Optimal risk governance boosts performance by enabling risk-based decision making, which balances value creation and asset protection. It enables the executive team and board to fulfill their risk-related responsibilities by clarifying risks to the enterprise and obtaining assurance that those risks have been addressed. It builds trust by providing visibility into risks as well as assurance to stakeholders that they are being addressed.

Get a grip

Improving your grip on risk governance often entails reviewing, refreshing, and revising risk-related practices. Our research and our experience on client engagements indicates that this process is best undertaken with the goal of enabling risk-based decision making while reinforcing the resilience of the enterprise in the face of risk events.
If your business has been thriving, you may see it as immune to risk events and see little need to focus on risk governance. On the other hand, if your business must regain lost ground, you may believe you have higher priorities. In the former case, your organization may simply have been lucky; in the latter case, trying to regain lost ground without more robust governance may imperil the enterprise.

Whatever your current situation, risk events may well have exposed gaps, inadequacies, vulnerabilities, and inefficiencies in risk management and risk governance in your organization.

To start considering your current approach to risk governance, ask yourself and your leadership team the following questions:

• Have you automated regulatory (and internal) compliance to the greatest extent possible?
• Have you taken full advantage of risk scanning, sensing, and reporting technologies? Do you link risk monitoring capabilities with clear issue escalation and risk remediation procedures?
• Do you feel you have adequately identified risks beyond those well-known in your industry and organization, including economic, environmental, social, political, and reputational risks? Do you identify and track emerging risks?
• Have you aligned your risk strategy and your business strategy? Have you linked hiring practices, incentives, rewards, and other behavioral levers with your risk and business strategies?

Where and how to start

Where and how you start to improve your grip on risk governance depends on how clear, practical, and robust your existing system of governance is. One good place to start making it clearer, more practical, and more robust would be to consider your existing governance framework. To assist you in this process, we provide our governance wheel.

Deloitte Governance Wheel

Like any wheel, our governance wheel must be properly balanced if it is to do its job. That means understanding where more or less attention, investment, and work is required, while recognizing that the executive team and the board must do the driving.

Contacts

Author

Tim Archer UK Risk Advisory tarcher@deloitte.co.uk +44 20 7303 4484	Keri Calagna US Risk and Financial Advisory Leader and Report Author kcalagna@deloitte.com +1 212 492 4461