Page 84 - IRMSA Risk Report 2021
P. 84

5.2.4  RISK MATURITY AND RISK CULTURE

          Interpreting the Sensemaker results, human behaviour and culture significantly influence all aspects of risk management at
          each level and stage. Therefore, there is a lot riding on having an enabling risk culture in the organisation to be driven as part of
          the overall organisational culture effort of the Human Capital Management Function. Very specifically, the setting of clear roles
          and responsibilities – and, equally, a clear and well-articulated accountability framework for risk-management activities.  Clearly
          defined escalation rules for risk appetite and risk response breaches to ensure consequence management.

          The continuing parade of organisational catastrophes (and indeed some notable successes) demonstrates that frameworks,
          processes  and  standards  for  risk  management,  although  essential,  are  not  sufficient  to  ensure  that  organisations  reliably
          manage their risks and meet their strategic objectives. What is missing are the behavioural and risk maturity elements: why do
          individuals, groups and organisations behave the way they do – and how does this affect all aspects of the management of risk?




          THE CALL TO ACTION:

          IRMSA continuously challenges organisations to answer, amongst others, the following questions:
          •   Is my risk management capability mature enough to respond in a way that supports the organisation in such a way that
              threats are adequately responded to and opportunities fully leveraged?
          •   Is my organisation risk intelligent and resilient?
          •   Is there buy-in to risk-management and risk leadership at the highest levels of the organisation?
          •   Do all managers have a consistent understanding of what constitutes acceptable and unacceptable risk to the
              organisation?
          •   Do managers have specific risk-management responsibilities in their key performance indicators?
          •   Is a transparent, integrated approach taken to risk-management reporting?
          •   Are the management mandates appropriate to the risk-management delegations and performance measures?
          •   Are the response measures for critical risks observed consistently at all levels of the organisation?















        84
   79   80   81   82   83   84   85   86   87   88   89