Part of this involves instilling in the culture a way to think about risk. It’s clear
that we live in uncertain times. By taking this uncertainty into account —
rather than ignoring it — we can incorporate risk into the complete business
cycle of strategy- and objective-setting, business planning and budgeting, exe-
cuting against plan, and measuring performance.
Identifying the Critical Components of a
Successful Risk Management Framework
As you might have guessed, all of the approaches to risk management that we
discussed in the previous section are not mutually exclusive. In this section,
we combine the best of these approaches to see what it takes to build a suc-
cessful risk management framework. A successful enterprise risk management
framework requires four components:
�Making risk part of the culture from the top level down
�Building an organization to help with risk
�Instituting a systematic framework for dealing with risk
�Using technology to automate the monitoring and the management of
risks
In the next few sections, we unpack each of these components in more detail.
A culture that takes risk seriously,
from the C-suite down
Building risk into the culture doesn’t mean having employees hang-gliding off
the roof of corporate headquarters. What it doesmean is that there is support
for risk management that starts at the top with the C-level executives, includ-
ing the CEO, CFO, and COO. This level of risk buy-in is critical. Further, if the
company puts a policy in place and an employee violates it, a response from
C-level executives to the whole company helps to clarify that this initiative is
to be taken seriously. C-level execs have to hold themselves to the same stan-
dards that they expect of their employees; they must build risk analyses into
their own decision-making.
One effective way for the C-suite to help build a culture of risk management is
in creating a formalized risk policy — communicating their expectations to all
employees and setting standards for how often risk management and report-
ing must be done.
Chapter 2: Risky Business: Turning Risks into Opportunities 47
