The RSA white paper on The Principles of Bank Risk Management examines the essence of business. It starts with: “At a fundamental level, understanding risk is essential for running a business, since optimal business execution ultimately involves decisions that maximize rewards while minimising the impacts of negative events. Understanding risk enables organisations to best allocate their resources (time, money, etc.) to reduce unacceptable risk, diminish unpredictability and achieve their business objectives.”
Certain tenets should guide an organisation’s strategy for business risk management. These guiding principles should be the foundation for the overall risk management strategy and be part of the fabric of the governance program. RSA believes that in addition to committing to a strong governance paradigm, the following principles must be ingrained into an organization’s business risk management strategy:
- Ownership. Organizations need to hold individuals responsible for fulfilling the roles for which they have been employed. The management of risk and compliance activities is everyone’s responsibility.
- Collaboration. Organizations need to reinforce collaboration across the enterprise on matters of risk and compliance management without regard to organizational boundaries.
- Efficiency. Automated processes should be designed to drive efficiencies by taking spreadsheets, email, file sharing and manual processes out of the equation and by employing workflows to automate processes.
- Business Context. A business risk management strategy should promote business context, as informed business decisions can be made only by considering problems within their complete context.
- Positive Assurance. At the end of the day, good business risk management should derive demonstrable assurance to the executives, shareholders, employees and applicable regulatory bodies.
- Sustainability. Business risk management requires a persistent commitment to sustain the effort and achieve the strategic benefits.
- Consistency. One can think of business risk management as a big playbook the organization uses to manage risk and compliance issues.
- Proficiency. Business risk management should invoke the concepts of continuous improvement and the elimination of redundant efforts.
- Agility. Given most organizations are in a constant state of motion, the business risk management program must enable agile processes to react, respond to and address changes to the business.
- Transparency. The concept of transparency should permeate the business risk management program.
- Balanced Effort and Reward. Finally, the business risk management program should be an effort to achieve the long-term balance between the rewards of embarking on the journey and the costs associated with the journey.
Learn more about RSA Archer® solutions for business risk management at rsa.com/grc.
CTMfile take: These dry words hide important thoughts and guiding principles. Well worth a download and a discussion in the corporate treasury department.