An appetite for risk

Emma Cundiff weighs up the pros and cons of developing an enterprise risk management programme.

ISO 31000:2009

ISO 31000:2009, Risk management – Principles and guidelines, provides principles, a framework and a process for managing risk. It can be used by any organisation regardless of its size, activity or sector. Using ISO 31000 can help organisations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and allocate and use resources for risk treatment effectively.

Though ISO 31000 cannot be used for certification purposes, it does provide guidance for internal or external audit programmes. Organisations using it can compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.

Risks affecting organisations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organisations to perform well in an environment full of uncertainty.

One of the roles of a health and safety professional is to support the development and maintenance of an effective safety management system. Within that system they may devise risk assessment systems and oversee the process of assessing the risks to the health and safety of employees and others, as directed by various pieces of legislation. To many this is ‘risk management’, but to others risk management has a much wider context.

Setting the standard

The ISO 31000 Risk Management Standard defines risk management as ‘coordinated activities to direct and control an organisation with regard to risk’. Enterprise risk is often thought of as just financial risk, but to the general risk practitioner it encompasses the whole range of risks that an organisation faces. Many of the spectacular business failures in recent years have been down to inadequate, or a complete lack of, risk management. The effects reverberate around the globe and at a micro level affect those caught up in their negative aftershocks.

There is little regulation for the management of enterprise risk. Principle C2 of the UK Corporate Governance Code 2014 (UKCGC) states that ‘the board is responsible for determining the nature and extent of the principal risks it is willing to take in achieving its strategic objectives.’ The code follows the principle of ‘comply or explain’ and is not a rigid set of rules. The London Stock Exchange listing rules require companies to apply the main principles of the code and report to their shareholders how they have complied with them. For other businesses there is little incentive to manage risk at all, despite it being in their best interests to do so. Unlike health and safety, the nearest a director would come to a breach of the law would be under the Companies Act 2006, and that doesn’t happen very often.

Taking control

So how does a company develop and implement an enterprise risk management process?

The law dictates how far an organisation must go in protecting people, but it is up to the board to decide how much risk the business is willing to take and how far they will take the risk management process. A board needs to be entrepreneurial in advancing the development of the organisation, and sometimes they will need to take some risks.

But this risk taking must be informed. Directors who take entrepreneurial risks are seeking positive outcomes and need to identify what risks must be taken to achieve them, but they must also know what the downsides are and take steps to control them. How far these risks are controlled is entirely up to the directors.

ISO 31000 requires a policy – the allocation of risk responsibilities and the analysis procedures need to be defined. The risk management process involves identifying the context in which the organisation operates. Risk events are identified and analysed using a predetermined set of risk descriptors. This enables the organisation to decide whether each risk is adequately controlled in the context of its risk appetite.

Enterprise risk management is too broad a subject to be covered in a short article. But the skills that have been applied in the health and safety domain can be very useful in implementing an enterprise risk management system. Safety professionals need to be adaptable and accept that in some cases it’s going to be goodbye to ‘so far as is reasonably practicable’.

Emma Cundiff is an international enterprise risk management and occupational safety and health specialist.

Further information

For more information, visit www.iso.org/iso/home/standards/iso31000.htm

WWW.IIRSM.ORG FEBRUARY 2015 Risk management
