What Gets Missed in Risk Management

Risk management is ultimately about creating a culture that would facilitate risk discussion when performing business activities or making any strategic, investment or project decision.

Here are some of the key points that are often missed:

  • Risk management is not just about tools and techniques; it is about changing the corporate culture and the mindset of management and employees. This change cannot happen overnight. Risk managers need to start small by embedding elements of risk analysis into various decision-making processes, expanding the scope of risk management over time.
  • It is vital to break the status quo where risk management is seen as a separate and independent activity. Instead, risk managers should integrate risk management into all core business activities. This can be achieved by integrating risk analysis into decision-making processes, assisting management in evaluating projects and strategic initiatives with the use of risk analysis tools, integrating risk management into strategic planning, budgeting and performance management, incorporating responsibilities in job descriptions, providing management training, etc.
  • Risk managers should strive to become advisers to senior management and the board, advisers who are trusted and whose recommendations are listened to. To achieve this, risk managers may need to break away from traditional models like “three lines of defense” and instead choose to actively participate in the decision-making, take ownership of some risks and provide an independent assessment of risks associated with important business decisions, maybe even vetoing some high-risk activities.

See also: A New Paradigm for Risk Management?  

To explore these topics, Elena Demidenko and I have written a free book, “Guide to Effective Risk Management 3.0.” It talks about practical steps risk managers can take to integrate risk management into decision-making and core business processes. Based on our research and interviews, we have summarized 15 practical ideas on how to improve the integration of risk management into the daily life of the organisation. These were grouped into three high-level objectives: drive risk culture, help integrate risk management into business and become a trusted adviser.

This document is designed to be a practical implementation guide. Each section is accompanied by checklists, video references, useful links and templates. This guide isn’t about “classical” risk management with its useless risk maps, risk registers, risk owners or risk mitigation plans. This guide is about implementing the most current risk analysis research into the business processes, decision making and the overall culture of the organization.

To download for free or read online, click here: https://www.risk-academy.ru/en/download/risk-management-book/