Table 2-1(continued)
Line of business Line of business managers need tools to be able to drive their
managers performance and respond to their top risks to help them
achieve their objectives.
They need company- and role-based risk best practice play-
books. Line of business experts should be provided with guides
that help them identify risks that often occur within business
processes, provide potential mitigation and management strate-
gies, and include benchmark assumptions and setup of risk
monitoring processes.
Companies can learn from the experiences of these users,
examining which responses were effective in the past so that
they can avoid making mistakes twice.
Benefit: Line of business managers start to own and drive risk
management for their areas, a true sign that risk management
is now part of the culture.A risk management organization:
Distributing responsibility
throughout the culture
Even if risk is part of the company culture, someone needs to be minding the
store, ensuring that risk information is being gathered and updated so that it
can properly inform corporate decisions large and small. Appointing a corpo-
rate risk manager can help ensure that risk management is given the attention
and focus it requires.As with any type of corporate messaging, having someone in charge helps
ensure that the message is delivered and is owned by the business units. Risk
managers should have as part of their objectives the goal of building a risk-
aware organization. Effective risk management should permeate the organiza-
tion, providing vertical visibility from the top management to the line of
business managers and their workers. Risk management professionals should
push responsibility for risk down to the level of line of business owners. In
this way, risks can be rolled up and monitored at other levels as needed.You can easily see how risk managers can help the company manage risks by
pushing responsibility down into the organization. What’s a little more subtle
is the horizontal visibility that this ultimately provides.By monitoring, managing, and documenting risks and risk response actions,
the company builds a pool of experience in managing risks. Managers can
learn how to better manage, and even model, risks in their own organization,