Nine fundamental principles of risk intelligence
Nine fundamental principles of an effective risk management program define and integrate risk-related responsibilities at every level of the organization.
Risk governance
Principle 1: A common definition of risk, which addresses both value preservation and value creation, is used consistently throughout the organization
Principle 2: A common risk framework supported by appropriate standards (e.g., COSO, etc.) is used throughout the organization to manage risks
Principle 3: Key roles, responsibilities and authority relating to risk management are clearly defined and delineated within the organization
Principle 4: Governing bodies (e.g., boards, audit committees, etc.) have appropriate transparency and visibility into the organization’s risk management practices to discharge their responsibilities
Risk infrastructure & management
Principle 5: Executive management is charged with primary responsibility for designing, implementing and maintaining an effective risk program
Principle 6: A common risk management infrastructure is used to support the business units and functions in the performance of their risk responsibilities
Principle 7: Certain functions (e.g., internal audit, risk management, compliance, etc.) provide objective assurance as well as monitor and report on the effectiveness of an organization’s risk program to governing bodies and executive management
Risk ownership
Principle 8: Business units are responsible for the performance of their business and the management of risks they take within the risk framework established by executive management
Principle 9: Certain functions (e.g., finance, legal, information technology, human resources, etc.) have a pervasive impact on the business and provide support to the business units as it relates to the organization’s risk program
By effectively implementing these principles, a company can transform itself into a Risk Intelligent organization where:
- Leaders take a risk intelligent attitude that incorporates a broad outlook on risk and integrates risk thinking into strategic decision-making.
- The board executes fiduciary responsibilities to ensure that appropriate risk management controls and procedures are in place.
- Capable processes, systems and trained people exist to act on such intelligence in a timely and coordinated manner.
- A consistent approach is used across the organization to manage all classes of risk in an effective and efficient manner.

Read more about applying the Nine fundamental principles of risk intelligence in our white paper Putting risk in the comfort zone.
