No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

10 Questions You Should Ask About Risk Management

by Jim DeLoach
February 18, 2022
in Risk
10 Questions you should ask about risk management

This article was original published in 2013 and was updated in 2022.

Rapid change seems to be the order of the day, as the speed and complexity of business continue to increase. Technological advances such as cloud computing, mobile devices and social media continue to take hold. Regulatory demands continue to expand. Workforce dynamics continue to evolve. These and numerous other trends spawn new risks, altering risk profiles and exposing business models to disruptive change. Because of this dynamic environment, enterprise risk management should provide the discipline to ensure a fresh look at the organization’s risk management capabilities from time to time.

10 Questions for Management and Boards

  1. What are the company’s top risks, how severe is their impact and how likely are they to occur? – Managing enterprise risk at a strategic level requires focus, meaning generally emphasizing no more than five to 10 risks. Day-to-day risks are an ongoing operating responsibility.
  2. How often does the company refresh its assessment of the top risks? – The enterprise wide risk assessment process should be responsive to change in the business environment. A robust process for identifying and prioritizing the critical enterprise risks, including emerging risks, is vital to an evergreen view of the top risks.
  3. Who owns the top risks and is accountable for results, and to whom do they report? – Once the key risks are targeted, someone or some group, function or unit must own them. Gaps and overlaps in risk ownership should be minimized, if not eliminated.
  4. How effective is the company in managing its top risks? – A robust process for managing and monitoring each of the critical enterprise risks is essential to successful risk management, and risk management capabilities must be improved continuously as the speed and complexity of business change.
  5. Are there any organizational “blind spots” warranting attention? – Cultural issues and dysfunctional behavior can undermine the effectiveness of risk management and lead to inappropriate risk taking or the undermining of established policies and processes. For example, lack of transparency, conflicts of interest, a shoot-the-messenger environment and/or unbalanced compensation structures may encourage undesirable behavior and compromise the effectiveness of risk management.
  6. Does the company understand the key assumptions underlying its strategy and align its competitive intelligence process to monitor external factors for changes that could alter those assumptions? – A company can fall so in love with its business model and strategy that it fails to recognize changing paradigms until it is too late. While no one knows for sure what will happen that could invalidate the company’s strategic assumptions in the future, monitoring the validity of key assumptions over time as the business environment changes is a smart thing to do.
  7. Does the company articulate its risk appetite and define risk tolerances for use in managing the business? – The risk appetite dialogue helps to bring balance to the conversation around which risks the enterprise should take, which risks it should avoid and the parameters within which it should operate going forward. The risk appetite statement is decomposed into risk tolerances to address the question, “How much variability are we willing to accept as we pursue a given business objective?” For example, separate risk tolerances may be expressed differently for objectives relating to earnings variability, interest rate exposure, and the acquisition, development and retention of people.
  8. Does the company’s risk reporting provide management and the board information they need about the top risks and how they are managed? – Risk reporting starts with relevant information about the critical enterprise risks and how those risks are managed. Are there opportunities to enhance the risk reporting process to make it more effective and efficient? Is there a process for monitoring and reporting critical enterprise risks and emerging risks to executive management and the board?
  9. Is the company prepared to respond to extreme events? – Does the company have response plans for unlikely extreme events? Has it prioritized its high-impact, low-likelihood risks in terms of their reputational effect, velocity to impact and persistence of impact, as well as the enterprise’s response readiness?
  10. Does the board have the requisite skill sets to provide effective risk oversight? – To provide input to executive management regarding critical risk issues on a timely basis, directors must understand the business and industry, as well as how the changing environment impacts the business model.

These 10 questions can provide a framework for taking a fresh look at the risk management process given changes in the business environment. The answers may provide insight on how the company can measure the success of its risk management capabilities.


Previous Post

SEC Proposes New Cybersecurity Risk Management Rules for Investment Advisers and Funds

Next Post

DOJ’s Civil Cyber Fraud Initiative Could Find Health Care Companies Exposed on Multiple Fronts

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

launch visual lease esg steward

Visual Lease Launches ESG Tool for Asset Portfolios

by Corporate Compliance Insights
March 31, 2023

Lease software provider Visual Lease announced it has launched a new product, VL ESG Steward,  designed to help organizations track...

PW FCPA Enforcement and Anticorruption 2022 Review_f

FCPA Enforcement & Anti-Corruption Developments

by Corporate Compliance Insights
March 30, 2023

The year that was in FCPA & anti-corruption efforts 2022: A Year in Review FCPA Enforcement & Anti-Corruption Developments What’s...

JTC ESG and Impact Investing_f

The Evolution of ESG & Impact Investing: Are You Ready?

by Corporate Compliance Insights
March 30, 2023

Making money *and* doing the right thing Survey Report The Evolution of ESG & Impact Investing: Are You Ready? What’s...

Regology 2023 State of Regulatory Compliance_f

2023 State of Regulatory Compliance

by Corporate Compliance Insights
March 30, 2023

Understanding the impact of regulatory challenges Survey Report 2023 State of Regulatory Compliance What’s in this report from Regology:As the...

Next Post
DOJ hq in Washington

DOJ’s Civil Cyber Fraud Initiative Could Find Health Care Companies Exposed on Multiple Fronts

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT