Every business...

... is Risky business


As part of the overall Governance, Risk, and Compliance (GRC), this involves the strategies for helping the organisation to effectively manage its overall performance for all its functional areas. Successful implementation involves deliberation of the requirements, approaches, and potential consequences.

  • Identify, assess, and prioritise risk.
  • Identify key controls and establish risk mitigation procedures.
  • Establish risk reporting and oversight framework and training.
  • Develop a risk model and risk rating criteria.

Some suggestions:

There are a few interventions that boards and top management need to consider, in order to improve their view and management of organisational risk.

  • Place risk in a positive context. Consider the potential for outcomes to be better, as well as worse, than expected, making it clear when you are talking about opportunities and risks. If necessary, avoid using words such as risk if they have a negative meaning in your organisation; eg consider alternatives such as 'volatility' and 'uncertainty'.

  • Integrate your strategy and risk decisions. When setting your strategy and business objectives, consider the potential for better or worse-than-expected outcomes from the outset.

  • Boards should adopt the 75:25 rule. Spend 75% of board meetings looking outwards and forwards. This will help the board to identify external and future threats and opportunities. Spend the remaining 25% of board meetings looking inwards and backwards. This will help the board to understand the organisation’s capabilities and competencies in areas such as finance and risk management.

  • It may be instructive for boards to reflect on the relationship between risk appetite and strategy when reaching decisions about both. Section 2.2 indicated that it is often unclear whether risk appetite should come before or after strategy (a ‘chicken and egg’ situation). Consider whether the board’s risk appetite determines strategy, or whether decisions about strategy lead to how the organisation frames its risk appetite.

    These are suggestions specifically put forward by the Plymouth Business School, and we are in full support of such interventions, among others.