The traditional siloed view of risk management has evolved over many years of its development as a discipline, but there is increasing pressure to move more towards an enterprise view of the world.

This session discusses the differences between a siloed approach to risk management and a true enterprise-wide view, in terms of both the characteristics and the problems that we're trying to solve. Where is the value-add? What value does a true enterprise risk management approach bring?

This blog includes the responses to the live polling and highlights from the Q&A session. View the entire webinar and slide pack here.

Poll responses: people are transitioning to enterprise, but integration remains partial

A majority of respondents say that their risk approach is mainly or fully enterprise-wide, but it’s only fully integrated for 8%:

[Chart: webinar poll responses on siloed vs enterprise-wide risk approach]

Only 19% of respondents have failed to integrate their risk management with strategy and objectives at all, but only 19% have managed to integrate completely:

[Chart: webinar poll on the extent of risk management integration with strategy and objectives]

Central risk taxonomies are growing in importance but the majority of respondents still don’t have one:

[Chart: webinar poll results on whether viewers have a central risk taxonomy]

Only 14% of respondents are using a dedicated ERM system, although a majority are now using some kind of specialised software rather than relying solely on Excel sheets:

[Chart: webinar poll results on what viewers were using for risk management]

Questions:

Do you think an organisation should talk about risk culture, or should risk be an integral part of the overall culture?

People talk a lot about risk culture. The first issue is that risk culture is part of the overall organisational culture. It is not different to the organisational culture. Now, culture to us is what people do when no one is looking. Organisational culture is effectively how they behave when no one is looking. Risk culture is how they behave with respect to risk management when no one is looking.

If you think about our children at home, your organisational culture is how your kids behave at home. Risk culture is how they behave with respect to risk. Do they go and put their helmet on when they go and ride their pushbike or not when mum and dad aren't looking at them? To me it is simply part of organisational culture.

Organisations that are not mature speak about risk separately. As you mature, it will become part of the wider organisational culture. At Protecht, we have a risk culture dashboard, which is built into our system that monitors the behaviour of all our staff with respect to risk, and that gives that subset. But as we are working with some clients, they're opening up to also capture the wider organisational culture.

Can project delivery execution risk be contained within ERM?

Yes, the project execution risk can absolutely be included. It depends on your methodology, but a lot of this is about looking at risks in the future – forecast risk positions. You've got all the risk details currently. It's a matter of forecasting forward: when you deliver this change into the business, what will the risks look like in the future? It's basically a forecast risk profile. My belief is that it should be part of ERM.

Our full Enterprise Risk Management: Moving from a Siloed to a True Enterprise Approach webinar is available for you to watch on demand. Register and view the webinar here.
