With change comes risk...
Agility, and therefore change, is beneficial to all organisations; being able to change products, services and internal processes allows a firm to stay ahead of competitors. But with change comes risk, which must be managed correctly in order to maximise the benefit of the change by minimising the risks associated with it. Technology undoubtedly plays an important role in the modern regulated firm’s approach to risk management.
What does good risk governance look like?
Imagine a scenario. Your risk management team meets with each department quarterly
to hold a risk review. Risks are identified, logged on your brand new risk management
system, mitigation is proposed by the risk owner and, again, recorded on the system. At
the monthly risk committee the risks and proposed mitigating actions are debated and
actions are agreed. The committee also ensures that previous mitigating actions are
updated, with any amendments re-debated.
Everything sounds great with the above scenario, but what is missing?
That’s right, your senior managers are not gaining a “bird’s-eye view” of the risks affecting
the business and the development of mitigating actions to control those risks.
Risk Governance
Governance is the process by which senior individuals administer the organisation; this is
always reliant upon being able to achieve a “bird’s-eye view”.
Risk governance, therefore, applies governance to the conventions, processes and
mechanisms by which decisions about risks are taken and implemented.
Your risk governance must address the following questions:
Do people within your firm understand the consequences of the risk?
Do they have the capacity to mitigate and manage the risk?
Does the firm have the resilience to deal with unavoidable consequences of the risk?
What process do we have in place to address elements of the risk or its mitigation we are uncertain about? To what extent should these be used?
What does good risk governance look like?
Carrying on with our ideal scenario, you might be used to the risk committee pulling
together reports for senior managers to discuss at certain governance or board meetings,
but there is a better way.
A fluid third line, reporting into senior managers, prevents the risk team from presenting
inaccurate information or only the issues that they want to display, or from failing to present issues at all. Imagine
a third line of defence which has access to the risk management system, reviewing its
usage each week to benchmark use against the company’s agreed risk management
process and industry best practice. Truly independent reports can then be produced for
senior managers alongside the usual risk updates.
To achieve this best practice we have teamed up with Dynamatix to create a first-rate risk
management service. The service uses the risk management system of Dynamatix overlaid
with consultancy from RB Compliance Consultancy Ltd. We consult with you initially to
agree a robust risk management process, then we review your usage of the system,
ensuring that the risks you are raising are actually risks, have been raised correctly, that
you are identifying economic and industry-wide risks and that you are acting in accordance
with policies.
We keep you on track throughout your entire risk management process before reporting on
process, or the lack of it, to senior managers! It is the ultimate system for firms
looking to get ahead of the game.