The days when a CEO could claim ignorance of what staff further down the organization were doing are gone — if they ever existed.

Any successful effort to review and improve the quality of risk management in an organization starts at the very top.

While the CEO, CFO, upper management and the board should take ownership of risk, risk management is overseen by the company’s various risk and compliance functions. These specialist groups could include:

• Internal audit
• IT risk experts
• External audit
• Legal and regulatory
• Chief risk officer

Providing that these assurance, risk and control activities are in place and effective, and then aligning and coordinating their activities, are important individual elements of good risk management.

But their value to the business can increase enormously when they are working in harmony. The total risk management process will then contribute far more than the sum of its parts.

Turning risk into results

These leading risk practices can be organized into five company challenge areas.

<< Previous | Next >>