Despite the focus on risk management, organisations keep stumbling over risks that subsequent analysis shows were identified at the time, and which could have been prevented or mitigated. Merlin Stone says it is often projects or products which might infringe the risk appetite of an entity that are the most successful, and adhering to a formal risk appetite might otherwise prevent potentially successful opportunities being pursued. He proposes an alternative approach.
Risk-driven application security testing - four steps to securing business-critical applications
Board members will often say that a cyber attack is top of their ‘worry-list’. Richard Hollis explains that 84% of cyber-attacks occur at the application layer. He adds that this is the easiest to attack and the hardest to defend as it is the most exposed and accessible. Consequently, applications are the primary attack vectors for threat actors today. He suggests a straightforward and pragmatic 4-step process for ensuring the security integrity of business-critical applications prior to launch.
Risk in the spotlight again: banking failures and lessons for risk committees
The banking sector has been hogging the headlines in the last week or so. Silicon Valley Bank and Credit Suisse, amongst others, have been rescued or propped up as their customers were fleeing. A number of factors may lie behind the collapses but, as Garry Honey argues, risk oversight by the board in each case was left wanting. He argues that foresight was lacking in their analysis of risk and, as a result, boards failed to see the inevitable.
Bringing risk into the heart of the organisation using rituals
Her extensive work in the area of purpose, people and culture has shown Alex Walker the important role that workplace rituals play in embedding culture. She points out that rituals increase team bonds, boost performance and lead to an increase in meaningful work and organisational citizenship behaviours. This is good news for an organisation’s risk culture, she says, as introducing appropriate rituals can influence attitudes to risk and help create a more risk aware environment.
Seven-year itch - reflections of a chief risk and sustainability officer
After seven years in role as a Chief Risk & Sustainability Officer, Alex Hindson has recently moved on. Much (but not everything) has changed in this time so he has taken this opportunity to reflect on his tenure and the role he has undertaken. In this Risk Coalition blog, he considers how things have changed in the world of risk and sustainability. In the final analysis, Alex recommends that organisations work out what ‘Sustainability’ means for them and that they define their own ambition. He also cautions not to over-promise or to over-commit. Do less but do it well, he says, and at all times be authentic and be proactive.
When dominant CEO meets weak Chair, risk inevitably follows
Successful organisations are typically led by strong chief executives but when this ‘strength’ veers towards a dominant style, unhealthy board dynamics often ensue. Michele Gorgordian explains that this highlights the importance of good dynamics and a constructive relationship between chair and chief executive, and that this means an effective chair orchestrating proceedings is essential. Without this, there will be substantial governance risks.
Greenwashing - to disclose or not disclose, that is the question?
Each group of a company’s stakeholders will have differing levels of influence, and will each contribute to shaping the context within which an organisation determines its sustainability strategy, says Alex Hindson. This sustainability strategy will drive what each organisation prioritises and reports on. But how does management determine what is relevant and appropriate to disclose? Alex says a risk-based approach can help companies determine their sustainability agenda and focus on priorities.
Boards, risk professionals and internal audit must work together to navigate the ‘perfect storm’ of high-impact interlocking risks urges Chartered IIA
The Chartered IIA’s recently released ‘Risk in Focus 2023’ report provides an excellent picture of risk trends. Cybersecurity remains the top risk for the fifth year in a row, but the most dynamic rising threat to watch out for is Geopolitical and Macroeconomic Uncertainty. With an increasingly challenging risk landscape, Emma Expo considers what internal audit, risk professionals and boards could do to navigate the more risky, uncertain and volatile times ahead.
The changing role of risk executives at board level as a result of Consumer Duty requirements
The introduction of the Consumer Duty by the Financial Conduct Authority has highlighted a changing and more strategic role required from chief risk officers, says Nicola Wee. The Consumer Duty has far-reaching impacts on regulated firms, affecting everything from operations to culture. Drawing on a recent survey of senior risk and compliance executives by regtech firm Aveni, she explains chief risk officers are perfectly placed to lead and implement the data-driven strategy that is now expected and she discusses the nature of changes they are implementing.
The board’s role in reputation risk management
So where does a company’s reputation fit in its risk framework, which comprises risk strategy and risk appetite, risk management policies and procedures, and the culture and behaviours that support it? David Butler argues that organisations’ reputation risk doesn’t appear on board agendas often enough, nor does it get proactive attention from boards. As a result, it is usually too late into a crisis situation that the board gets involved. He discusses the issues and suggests what needs to be done.
Losing sight of culture-related risks
The last iteration of the UK Corporate Governance Code really brought corporate culture and purpose into focus. However, the Financial Reporting Council’s recent reviews of corporate governance reporting showed many businesses were slow to respond to the new reporting requirements, raising questions about whether these matters were given sufficient attention by some boards. Rafal Budzinski reflects on this progress and offers some suggestions for boards to take matters forward pragmatically.
Energy resilience - a risk boards cannot ignore
It is becoming increasingly evident that the UK and European energy system will face significant risks this winter as Europe attempts to replace Russian gas that it has relied heavily upon in recent years. Boards have a key governance role to play, providing effective challenge in the area of energy supply, asking the right questions. Nigel Hobson sets out the context and explains what questions boards should be asking.
A right royal lesson in corporate governance
A week on since the funeral of Her Majesty the Queen and the ending of the period of National Mourning, we still have much to reflect on. From a corporate governance perspective, Hanif Barma and Peter Neville Lewis have looked back and reflected on the recent events and uncovered a few lessons we could all learn in leading and governing our organisations as board members.
The risks of implementing emerging technology
Developing and implementing new technologies is often described in relation to the substantial benefits and improvements that will inevitably result. However, Paul Taylor warns there are many real risks with implementing these technologies. These need to be carefully managed; if they are not, this could significantly reduce the likelihood of implementation success and the delivery of benefits. He suggests ten key areas any board should focus their challenge on when deciding on new technology developments and monitoring their progress.
Making decisions in times of uncertainty (part 3)
Decision making at times of uncertainty will be challenging for any board but their risk committee can play an important role to support them. In the previous two blogs in this series, Hanif Barma drew on a recent Risk Committee Chairs Forum (RCCF) roundtable, hosted by the Risk Coalition, identifying practical steps the risk committee could take. In this third and final blog of the series, he considers his four final learning points. These concern getting the balance of the committee’s focus right, allowing enough time, staying informed outside meetings and - of course - not forgetting the importance of culture.
Making decisions in times of uncertainty (part 2)
What can a risk committee do to help its board make better decisions, especially in the uncertain times we find ourselves in? Drawing on a recent Risk Committee Chairs Forum (RCCF) roundtable, hosted by the Risk Coalition, the discussion focused on what a risk committee should practically do to support its board. Building on his last blog for the Risk Coalition, Hanif Barma considers three further learning points in this blog. These concern risk spotting, use of scenarios and the importance of avoiding getting distracted.
Making decisions in times of uncertainty (part 1)
Making good decisions is difficult at the best of times. In today’s environment more than ever, boards are finding effective decision making with a high level of confidence trickier than ever. Drawing on a recent Risk Committee Chairs Forum (RCCF) roundtable, hosted by the Risk Coalition, the discussion focused on what a risk committee should practically do to support its board. Hanif Barma considers the first three (of ten) learning points in this blog: the role of the risk committee, the importance of purpose, and the need for data and information.
Is measuring the wrong things a risk?
Measures drive behaviours, argues Alison Bond, so it is essential that all of an organisation’s measures are aligned and on course, asking for the right action for the right reason. Importantly, it is not just profit that needs to be measured - less tangible matters such as reputation and human capital need to be too, but these too often get put into the “too tricky to measure” category. She explains that these things are easier to measure than people think.
Risk 2.0: Rebooting for Modern Risk Management (part 2)
As the modern risk team looks at a much wider range of risks than the traditional financial and operational risks, both within the firm’s perimeter and beyond, it needs to change the way it works and it needs to adopt a new mindset, according to Keith Davies. The CRO’s new challenges are to provide greater foresight, be more commercial, have greater focus on resilience and to embrace new tools that are available to better equip the risk team in undertaking its work. He considers these matters in this blog.
Risk 2.0: Rebooting for Modern Risk Management (part 1)
With the geopolitical, macro and technology environments all changing at an accelerating rate, and stakeholder capitalism raising the importance of firms’ social licence to operate, Keith Davies explains that Risk teams now need to manage a raft of emerging, complex, and inter-connected tangible and intangible risks. This means that they need to change the way they work, all underpinned by a change in mindset.