top 3 questions you should be asking about your risk governance structure
TRANSCRIPT
workiva.com
Top 3 questions youshould be asking about yourrisk governance structure
workiva.com
From stricter regulations to previously unimaginable key risk indicators, every company's risk profile is becoming more complex.
Ask these 3 questions about your current risk governance structure to avoid the pitfalls of an ineffective risk governance structure.
The structure of risk governance is evolving.
workiva.com
What is the board's role inyour current ERM framework?
"Global risk management survey, ninth edition. Operating in the new normal: Increased regulation and heightened expectations.” (2015). Deloitte University Press. Retrieved
from https://www2.deloitte.com/content/dam/Deloitte/lu/Documents/risk/dtt-en-wp-global-risk-management-survey9-20052015.pdf
"Eighty-five percent of respondents said their
board of directors currently devote more time
to oversight of risk than they did two years ago."85%
workiva.com
If your board's involvement is confined to receiving risk reports or approving risk appetite statements, then a big part of your governance
structure is underutilized.
Traditional approach
workiva.com
The board's role should expand so that it's empowered to provide direct feedback through the risk assessment process, ongoing risk profile
dialogue, and discussions around emerging risks.
By expanding the board's input beyond its traditional role as consumers of risk reporting, a true top-down risk culture can be achieved. This leads
to better visibility of critical risk information across the organization.
Evolved approach
workiva.com
How does your organization communicaterisk information to stakeholders?
"Making strides in financial services risk management” (2011). Ernst & Young. Retrieved from https://issuu.com/ezra1110/docs/making_strides_in_financial_services_risk_manageme
A recent IIF/EY industry survey indicated that
92% of firms interviewed reported an increase in
senior management attention on strengthening
the risk culture.
92%
workiva.com
When communicating risk information, the structure is typically focused on reporting up through the organization, rather than on keeping all
levels of the organization informed.
Traditional approach
workiva.com
A continuous socializing of critical risk data assists in increasing risk management transparency—which, in turn, helps to build a more efficient
and effective communication process.
An informed risk culture helps your first line of defense, management, and board operate with an increased and directed perspective on the risk
management framework, which leads to better business decisions.
Evolved approach
workiva.com
How o�en does yourorganization review its risk profile?
"2014 global survey on reputation risk.” (2014). Deloitte Touche Tohmatsu Limited. Retrieved from
https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/gx_grc_Reputation@Risk%20survey%20report_FINAL.pdf
"Companies feel most prepared to manage
risks within their direct control and least
prepared for risks beyond their direct control."
workiva.com
Many organizations review their risk profiles on a regularly scheduled basis, whether annually or quarterly.
Traditional approach
workiva.comworkiva.com
By reviewing risk profiles with a frequency proportionate to the complexity of your business, your framework is better aligned with the
true state of your current risk environment.
Additionally, organizations are better prepared for risk drivers beyond their direct control. This allows your framework to become more
responsive to a quickly changing internal and external risk environment.
Evolved approach
workiva.comworkiva.com
Every organization has to develop a governance structure
that fits its unique risk profile.
workiva.comworkiva.com
While these questions shouldn't be the ending point for
assessing the health of your risk governance structure,
they can help organizations increase cohesion and
collaboration on risk management initiatives—ultimately
leading to a stronger risk framework and risk culture.
workiva.comworkiva.com | [email protected] | +1.888.275.3125
See how Workiva is helping organizations of all sizes turn their risks into opportunities.