What is risk governance?
Risk governance applies the principles of good governance to the identification, assessment, management and communication of risks. It refers to the formal structures used to support risk-based decision making and oversight across all operations of an organisation. Risk governance involves the board, board committees, delegations, management structures (e.g. the CEO and the senior management team, or SMT) and related reporting. Risk governance structures must be designed to fit the size, business mix and complexity of each organisation’s operations.
To manage risk effectively, the board must ensure it has adequate systems to measure, manage and report the material risks to which it is exposed. The risk management system must be sufficient to:
- Provide the board, board committees and the SMT with regular, accurate and timely information regarding the organisation’s risk profile;
- Measure, assess and report all material risks;
- Provide robust (relevant, timely, complete and accurate) data;
- Measure risk against pre-determined limits (tolerances) and promptly report and escalate when limit breaches occur;
- Provide a sound basis for making risk-based decisions.
Our risk governance framework can be used in any organisation. The framework informs our risk services and is compatible with generic risk management standards such as AS/NZS ISO 31000:2009 and COSO Enterprise Risk Management.
Our Risk Governance Services
Our risk governance services range from risk management training for boards and management teams to working with the board and management to design a risk management policy, process and framework, including guidelines, that are appropriate to the specific organisational environment. The process/framework we use is based on AS/NZS ISO 31010:2009 and customised to meet our clients’ specific requirements (e.g. APRA-regulated; ASX-listed).
We can assist your organisation with:
- Assessing the fundamentals of enterprise risk management (ERM)
- Establishing a preliminary high-level enterprise risk register
- Developing a risk heat map to define the risk appetite
- Implementing an easy-to-use risk management and reporting framework
- Agreeing a risk tolerance statement for the organisation
- Developing policies and procedures for risk, compliance and business continuity management
- Professional development on risk and risk management
For those organisations with established risk management systems, we can assist by:
- Performing an enterprise risk assessment
- Building a detailed enterprise risk register
- Embedding risk oversight into governance processes
- Enabling the organisation to supervise, monitor, and report against risk
- Advising on how to implement a culture of continual improvement in risk management