Risk Management has become a critical function in every organization with rapid changes in business models, technologies, customer expectations, and competition. Added to this are the regulatory and compliance requirements. In such a scenario, focusing on the following will help improve the overall effectiveness of Risk Management function:
- An inclusive approach that engages process owners and practitioners in identifying risks and controls. The key is to create a sense of ownership by providing the required knowledge in identifying risks. This should include assessing risks by looking at the impact on business, customers, stakeholders, society and environment, and on all the employees that deliver those services.
- Integrate risk identification and controls into the process management framework (and technology). Today many processes use technology tools to run their processes. So it is easy to integrate risk controls into the tool. Such integration should also focus on providing insights using both lead and lag indicators leveraging emerging technologies. Explore options to have built-in responses (actions) to identified risks.
- Internalize risk management practices among process owners and practitioners. There should be a sense that they are doing risk management for their customers and their own sake; and not for some corporate risk management function.
The Corporate Risk Management function should still own the overall risk management at the corporate level. It should provide a professional and independent view of risks. At the same time, they should also focus on the above by playing a facilitator role.