All organisations must take risks in order to meet their objectives. Risk Management is about taking risks in a considered manner, having first identified what those risks are, and treating them accordingly. In essence, risk management is part of sound management practice.
Essential elements of implementing fit-for-purpose risk management within any organisation include visible leadership by the senior management team and the education and training of managers and staff.
Organisations tend to maintain risk registers, but they must not rely too heavily on them. Rather, they must ensure that they have sufficient resilience, both financial and operational, to withstand unexpected shocks. This is where business continuity management, in the true sense as opposed to the standard definition, comes in.
Risk Management within organisations and Risk Governance by the Boards of those organisations have received increased attention since the banking crisis in 2008 and the publication of the Walker report in July 2009. The implication for non-financial institutions was explored in an equivalent report produced by the ICAEW foundation and Independent Audit Ltd in October 2009*. With so much recent and relevant information available in the public domain, it is not our objective to restate these findings in our own words, but rather to highlight those of greatest significance to our work and explain how our methods will deliver the achievement of best practice for our clients.
*Getting it Right. A Report by Independent Audit Limited on Risk Governance in Non-Financial Services Companies