New hires come from a variety of education and experience backgrounds and most importantly, each new employee has their own perception of what is an acceptable risk. It is important for risk managers to cooperate with the Human Resources department or any other business unit responsible for training, to jointly carry out training on the basics of r…

Tone at the top is very important for risk culture development. Executives and Board members play a vital role in driving the risk management agenda. Nowadays many executives and Board members have a basic understanding of risk management. Auditors, risk management professional associations and regulators have been quite influential in shaping the …

Provide additional risk management training to the in-house risk management team and business units responsible for internal control, audit, finance, strategy and others. Risk managers may conduct it personally or outsource to third party providers. In-depth risk management training should include (this example is based on the actual risk managemen…

An active network of “risk champions” is a very effective way to develop strong risk management culture. This network could become the “glue” between the risk management team and the rest of the business. “Risk champions” can be of three types: Official risk coordinators - employees, whose official duties include coordination of risk management pro…

Once risk management roles and responsibilities have been documented in job descriptions and committee charters then appropriate and measurable KPIs should be developed. Just like anything else, risk management KPIs need to be integrated into the overall performance management system, better still existing KPIs should be made risk-based instead of …

Every risk manager we have interviewed explained to us that periodic risk culture evaluations help strengthen it. So, we wanted to give readers some practical ideas around it. There are multiple models which can be used to assess the current state of risk culture, including the risk culture framework developed by the Institute of Risk Management, U…

Most modern-day risk managers are familiar with developing a risk management framework or procedure documents. These documents capture risk management roles and responsibilities, outline risk management processes as well as other aspects of risk management. Risk management framework documents became so common, that nowadays they don’t require much …

Risk managers may begin the implementation of the selected risk governance model by documenting risk management roles and responsibilities. It is quite common to describe risk management roles and responsibilities in risk management policy or a framework document. This approach seems simple to implement, yet not very effective, as business units of…

The risk governance model depends on the management and shareholders’ expectations, the regulatory requirements as well as on the risk manager’s competencies and on the resources available for risk management implementation. The risk governance can be structured using the classical three lines of defence concept: The 1st line of defence - Business …

Listen to two risk managers discussing some of the most controversial and hottest topics in risk right now. See them debate, argue and comment on some of the most common risk management misconceptions.By Alex Sidorenko

A large part of risk management success depends on the support and commitment from executives, Board members and key stakeholders. It is important, as early as possible, to identify specific people at different levels within the organisation who support the concept of risk-based management and are ready to assist the risk manager: At the executive …

Risk managers should build relationships and join forces with the other managers responsible for performance improvement initiatives, like lean management, quality, safety, environment, security, internal audit or others. Risk managers should participate in relevant major performance improvement workshops (for example, kaizen sessions during lean p…

Risk managers should encourage employees to openly raise risk management related issues. This is possible by spending a considerable amount of time every day communicating with their colleagues and staying up-to-date on the latest developments and emerging risks or failures in the internal control system. Share the risk manager’s contact informatio…

Selling risk management to key stakeholders is not simple. Risk managers need to learn to be proud of their contribution to the overall success of the company. Any positive results achieved by managing certain risks to a high standard should trigger the risk manager to share this success both internally and externally. This can be done by presentin…

Most of the risk managers we have interviewed agreed that having a management level Risk Management Committee has a significant positive effect on the overall risk management culture. While the composition of the Risk Management Committee can vary from company to company, it should be sufficiently representative to ensure different points of view o…

This next step is very important to reinforce strong risk culture within the organisation. ISO31000:2018 states “Oversight bodies are often expected or required to: — ensure that risks are adequately considered when setting the organization’s objectives; — understand the principal risks facing the organization in pursuit of its objectives; — ensure…

Most organisations have already documented their appetite for different common decisions or business objectives. Segregation of duties, financing and deal limits, procurement criteria, investment criteria, zero tolerance to fraud or safety risks – are all examples of how organisations set risk appetites. Appetites or limits for different kinds of d…

It is generally considered a good idea to document an organisation’s attitude and commitment to risk management in a high-level document, such as a Risk Management Policy. The policy may describe the general attitude of the company towards risks, risk management principles, roles and responsibilities, risk management infrastructure as well as resou…

Risk managers should discuss the outcomes of risk analysis with the executive team to see whether the results are reasonable, realistic and actionable. If indeed the results of risk analysis are significant, then the executive management with the help from the risk manager may need to: Revise the assumptions used in the strategy. Consider sharing s…

In this RiskStudio episode, we interview Rob Jeges on Implementing Risk Appetite within the ISO 31000 framework. Rob covers Risk Appetite, Risk Attitude, Risk Criteria and Real-life examples of Risk Appetite Statements.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this RiskStudio episode, we interview Alex Sidorenko on the topic of Risk Appetite. In this rather controversial interview, Alex shares his views on the topic of Risk Appetite and its relevance to the companies outside of financial services.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this episode, we discuss Objective Centric ERM with Tim Leech. Topics covered include - Comparison between Risk Centric and Objective Centric ERM, Benefits of Objective Centric ERM, Barriers for Implementing Objective Centric ERM, Q&A.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this section, we discuss Bow-Tie Analysis technique with David Tattam. Topics covered include - how to construct a bow-tie, application areas and pros + cons on bow-tie analysis technique.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this section, we cover 12 videos from Grant Purdy. In each video, Grant highlights a commonly found Risk Management Myth and provides guidance on how to address themBy Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this section, we showcase Digital Reasoning, which is bringing benefits of artificial intelligence and big data domain to risk management areas such as Risk Monitoring and Risk Treatment.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this section, we cover recent news articles related to risk management and highlight aspects relevant for risk managers.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this section, we share details of FREE learning resources available on the web for risk management.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this section, we cover new innovative solutions which can enhance the design or implementation of risk management.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

In this section, we talk to Gary Bierc about his patented methodology to calculate cost of risk management.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight

This section briefly introduces the RiskStudio podcast series.By Manoj Kulwal, Chief Architect and Co-Founder at RiskSpotlight