Case Study: Governance, Risk & Compliance
Risk Assessment to implement/change a company’s risk culture
Implementing an effective risk culture due to regulatory scrutiny
We worked with a company facing challenges in improving the effectiveness of its risk culture. Prior to our overall assessment, there was little evidence of a risk culture and there was insufficient awareness of risk across all levels. This required a risk assessment to identify solutions and a strategy to change behaviours across the organisation with a focus on training and awareness.
Risk culture responsibility starts at the top management/board level as they need to clearly understand what risks should be accepted and what risks should be minimised or avoided. They should support both culture and conduct risk through robust governance and training programs.
We focused on a top-down approach for risk/culture management and strategy formulation to establish a Risk Appetite Framework (RAF) based on a clear Risk Appetite Statement. One of the key considerations was to improve culture, governance, and accountability.
We advised that a strong risk culture does not necessarily imply taking as little risk as possible; instead, the company should take appropriate risks that fit its risk appetite, vision, and strategy.
We provided thought leadership and risk assessment approaches and techniques as part of a wide enterprise risk management (ERM) assessment. We helped the organisation move up the maturity curve in its ongoing development of a robust risk and controls structure to transform its risk management culture. We followed the COSO ERM framework: event identification, risk assessment, followed by risk response.
Risk management frameworks, tools, and procedures can only be effective when they are used in the right way and at the right time. To increase the impact on the culture, we focused on training, risk planning involvement, status meetings, and risk identification sessions.