Case Study: Governance, Risk & Compliance
Risk Assessment to implement/change a company’s risk culture
Implementing an effective risk culture due to regulatory scrutiny
We worked with a company facing challenges to improve the effectiveness of its risk culture. Prior to our overall assessment, there was little evidence of a risk culture and there was insufficient awareness of risk across all levels. This required a risk assessment to identify solutions and a strategy to change behaviours across the organisation with a focus on training and awareness.
Risk culture responsibility starts at the top management/board level as they need to clearly understand what risks should be accepted and what risks should be minimised or avoided. They should support both culture and conduct risk through robust governance and training programs.
We focused on a top-down approach for risk/culture management and strategy formulation to establish a Risk Appetite Framework (RAF) based on a clear Risk Appetite Statement. One of the key considerations was to improve culture, governance, and accountability.
We advised how a strong risk culture does not necessarily imply taking as little risk as possible, but instead the company should take appropriate risks to fit their risk appetite, vision, and strategy.
We provided thought leadership and risk assessment approaches and techniques as part of a wide enterprise risk management (ERM) assessment. We helped the organisation move up the maturity curve in their ongoing development of a robust risk and controls structure to transform their risk management culture. We followed the COSO ERM framework: event identification, risk assessment, followed by risk response.
The risk management frameworks/tools and procedures can only be effective when they are used in the right way and at the right time. To increase the impact on the culture we focused on training, risk planning involvement, status meetings, and risk identification sessions.
Revision of procedures, policies, rules, and regulations leads to increased clarity and employee accountability. The involvement of management and subject matter experts helped to increase the standards and quality commitment of staff.
We focused on understanding the day-to-day behaviours across the company. This was important to drive the right changes to meet regulatory requirements and successfully manage the risk. The risk assessment gave us an opportunity to improve the risk conduct and culture of the company.