No 'quick fix' available for effective risk management in organisations
A new report by Cass Business School for the ACCA (the Association of Chartered Certified Accountants) uncovers how board-level risk management activities vary in organisations as a result of internal and external factors. The report, Risk and performance: Embedding risk management, highlights common challenges and good practices to overcome risk management difficulties.
The study combines findings from four in-depth case studies including interviews as well as a review of current academic literature.
The insights were consolidated to create the "risk gearbox," a conceptual model for embedding risk management in organisations. It shows how formal and informal risk management mechanisms combine to create "strategic thrust" to support the board decisions on strategic risk taking and control. There are also a number of recommendations for organisations looking to improve the effectiveness of their risk management arrangements.
Some key recommendations from the report include:
- Effective risk management requires the use of complementary formal and informal mechanisms to achieve strategic objectives.
- Communication is vital between business units and functions, as well as communication to/from the risk management function and internal audit function
- The risk management function has a pivotal role in communication and building risk management relationships.
Jamie Lyon, ACCA's interim director Professional Insights, said:
"Organisations in every sector, whether large or small, simple or complex, invest time and resources in managing risk. This new report finds effective risk management is an essential element in the success or failure of these organisations but it cannot be effective if it is not embedded. There are no easy answers or quick fixes when embedding risk management. Given the variety of means available, organisations must allow risk management practices to evolve to their needs."
Dr. Cormac Bryce from Cass Business School said:
"All too often the risk management function of organisations has been seen to concentrate on threat reduction. This current report highlights the important value-added that risk management can provide as organisations attempt to seize opportunities and maximise their success."
Lead researcher of the report, Dr. Simon Ashby from Vlerick Business School said:
"Our report shows that embedding risk management is about more than monitoring risk metrics, risk and control assessment or independent oversight from the risk function. Staff within organisations need to believe that the tools of risk management and the work of the risk function add value. To achieve this, risk managers must be experts in social networking and relationship building. It is hard to achieve technical expertise in the formal tools of risk management and in the informal aspects of human relations, but we observed four risk functions that were successful in doing both."
Dr. Patrick Ring from Glasgow Caledonian University said:
"Effective communication is key to successful risk management in any organisation. Importantly, we found that informal modes of communication are integral in underpinning the more formal organisational structures that support risk management. As a result, the successful risk managers we met were able to build productive relationships across all areas of their organisations, increasing the profile and effectiveness of risk management in their businesses."