workiva.com

Top 3 questions youshould be asking about yourrisk governance structure

workiva.com

From stricter regulations to previously unimaginable key risk indicators, every company's risk profile is becoming more complex.

Ask these 3 questions about your current risk governance structure to avoid the pitfalls of an ineffective risk governance structure.

The structure of risk governance is evolving.

workiva.com

What is the board's role inyour current ERM framework?

"Global risk management survey, ninth edition. Operating in the new normal: Increased regulation and heightened expectations.” (2015).  Deloitte University Press. Retrieved

from https://www2.deloitte.com/content/dam/Deloitte/lu/Documents/risk/dtt-en-wp-global-risk-management-survey9-20052015.pdf

"Eighty-five percent of respondents said their

board of directors currently devote more time

to oversight of risk than they did two years ago."85%

workiva.com

If your board's involvement is confined to receiving risk reports or approving risk appetite statements, then a big part of your governance

structure is underutilized.

Traditional approach

workiva.com

The board's role should expand so that it's empowered to provide direct feedback through the risk assessment process, ongoing risk profile

dialogue, and discussions around emerging risks.

By expanding the board's input beyond its traditional role as consumers of risk reporting, a true top-down risk culture can be achieved. This leads

to better visibility of critical risk information across the organization.

Evolved approach

workiva.com

How does your organization communicaterisk information to stakeholders?

"Making strides in financial services risk management” (2011). Ernst & Young. Retrieved from https://issuu.com/ezra1110/docs/making_strides_in_financial_services_risk_manageme

A recent IIF/EY industry survey indicated that

92% of firms interviewed reported an increase in

senior management attention on strengthening

the risk culture.

92%

workiva.com

When communicating risk information, the structure is typically focused on reporting up through the organization, rather than on keeping all

levels of the organization informed.

Traditional approach

workiva.com

A continuous socializing of critical risk data assists in increasing risk management transparency—which, in turn, helps to build a more efficient

and effective communication process.

An informed risk culture helps your first line of defense, management, and board operate with an increased and directed perspective on the risk

management framework, which leads to better business decisions.

Evolved approach

workiva.com

How o�en does yourorganization review its risk profile?

"2014 global survey on reputation risk.” (2014). Deloitte Touche Tohmatsu Limited. Retrieved from 

https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/gx_grc_Reputation@Risk%20survey%20report_FINAL.pdf

"Companies feel most prepared to manage

risks within their direct control and least

prepared for risks beyond their direct control."

workiva.com

Many organizations review their risk profiles on a regularly scheduled basis, whether annually or quarterly.

Traditional approach

workiva.comworkiva.com

By reviewing risk profiles with a frequency proportionate to the complexity of your business, your framework is better aligned with the

true state of your current risk environment.

Additionally, organizations are better prepared for risk drivers beyond their direct control. This allows your framework to become more

responsive to a quickly changing internal and external risk environment.

Evolved approach

workiva.comworkiva.com

Every organization has to develop a governance structure

that fits its unique risk profile.

workiva.comworkiva.com

While these questions shouldn't be the ending point for

assessing the health of your risk governance structure,

they can help organizations increase cohesion and

collaboration on risk management initiatives—ultimately

leading to a stronger risk framework and risk culture.

workiva.comworkiva.com | info@workiva.com | +1.888.275.3125

See how Workiva is helping organizations of all sizes turn their risks into opportunities.