When it comes to investing in risk management, many organisations still aren’t ready. Their current focus is mainly on financial control and compliance, with risk management only perceived as effective if it is implemented organisation-wide. How can it be that so many organisations still regard risk management as a poor relation? Using an analogy of a pre-holiday risk analysis, Senior Manager Pim Hagelstein explains.
At last, time to go on holiday! A wonderful prospect, but one that involves a lot of preparatory activities too. So many, in fact, that carrying out a risk analysis in advance shouldn’t be seen as an unnecessary luxury. What if we miss the flight, are our passports still valid, what if our suitcases don’t arrive? Now if you’re wondering what all this has to do with your organisation, the answer is “plenty”. In an organisation too, things can turn out differently to what you expect. In the same way that preparing for a holiday can offer a solution for an unexpected turn of events, an ICF (Internal Control Framework) constitutes an effective risk-management system for an organisation.
An ICF provides insight into the risks that can jeopardise an organisation’s chances of achieving its objectives. It is a key element that’s crucial for the effective realisation of those objectives. But exactly what form should it take in your organisation? As a risk consultant, I have noticed that many financial-services providers either have difficulty setting up an ICF policy, or are reluctant to put it into practice. Because it’s often seen as an instrument with which to achieve compliance with changing legislation and regulations, attention is only paid to these risk-management aspects. But if you integrate an ICF in all the departments of an organisation, it can also serve as an asset that will help you make better strategic decisions. As such, it not only spotlights risks, it also throws light on potential opportunities.
It has always been important to map out your risks, but the urgency to do so is constantly increasing. Living in world that is moving faster and faster means that there are ever-more risks to be taken into account. Like cyber risks or sustainability risks, for example. An organisation-wide ICF policy will render these risks more manageable and make you more able to realise your objectives. It will also provide more insight into the risks faced by all departments and change programmes, such as migrations or legal-compliance processes (IFRS17, Pension Act, Solvency II). The organisation will thus be much better placed to prepare quickly for external developments.
A will, but not necessarily a way
If an ICF policy can only benefit an organisation, why is it that so many organisations are still so reluctant to implement risk management? The answer to this question lies in the fact that the organisation-wide integration of an ICF is not something that can be achieved overnight. Many organisations lack the resources and expertise to do so. Moreover, it can be a challenge to get all the relevant stakeholders to adopt the new ways of working that are associated with this change. While most organisations are positive about implementing an ICF policy, they have no idea where to start.
Now or never
The time has come, however, to decide. And to act. Investing in risk management is no longer a matter of if you will do it, but when you will do it. So why wait, if you can reap the benefits now? True, its implementation can be tough. But with a clear and project-based approach it can go very smoothly. Furthermore, risk management has to be carried out from a strategic standpoint. Information about risks and how they should be managed must be reported in a clear framework and linked to the organisation’s strategic objectives. Only then will risk management be given the place it deserves in the organisation’s decision-making processes. It will be carried out because everyone will benefit, and not because it is perceived as a necessity.
A worry-free holiday business
So, in the same way that I want to go on holiday with a minimum of worries, as an organisation you will want to be prepared for all possible risks and realise your objectives in the most efficient way possible. Don’t limit your focus to financial control and compliance. Instead, ensure that your ICF policy is implemented across your whole organisation, consistently and effectively, and with a focus on your strategic objectives. And don’t postpone it; act now. Make risk management a crystal clear element in your organisation and set your sights on a worry-free future.
ITDS risk-management experts can develop a Risk-Control Framework
that will enable everyone to draw up a clear ICF policy, an understandable and tangible approach to getting an ICF to work properly for you. If you want to learn more about our approach, or need help with a risk-management issue, check out our services.