The events of 2020 made it clear that risk management must not only be a priority at the management level, but also interwoven into the culture of the whole organization. There are many factors to consider when building a risk culture within your organization, both internal and external. Part 1 of this series discussed the most critical aspect of this initiative, the people. In this article, we’ll dive into the other internal factors institutions need to consider.
Defining all the internal factors to review can be complex, as there are often hidden risks that are inherent to the relationships/interactions between the various factors. Taking a holistic and systematic approach will help you to determine how best to make this change.
A good place to start is assessing your business activities and processes. Use enterprise/operational risk assessment data to evaluate how your business activities fit into the risk ecosystem. Ideally, as a part of that process, you’ve mapped technologies, third parties, partners etc. to help you unwind and pinpoint potential misalignments with the culture you’re working to develop. If you haven’t yet mapped these interdependencies, now is a great time to start.
When assessing these internal factors, ask yourself:
Reviewing all your processes and the interdependencies may seem tedious; however, this is a great opportunity to uncover potential gaps and take stock of the data you collect. This level of review will set up your organization for success as it seeks to start cultivating a strong risk culture. Leave no stone unturned. Next, we’ll look at the external factors to consider.
Julia O’Connell is Quantivate’s senior vice president of product development and works with customers to define product requirements and determine ongoing development strategies.
A risk-aware culture starts with the people. Get tips and considerations for engaging leadership, empowering employees, and sustaining success.