Page 33 - RMAI Bulletin July - September 2021


Committee is generally focused on accurate financial reporting and disclosure, not specifically on how risk management might help the business run more effectively. The CRO who reports to an Audit Committee or a Chief Audit Executive, therefore, ends up being more of a risk controller than a risk manager.

In the majority of institutions, particularly in financial institutions like Banks and Insurance Companies, the CRO reports to the CEO, but has a direct relationship with the board by being a member of its various Committees and at times of the Board itself.

As mentioned above, the Board is entrusted with the task of oversight or Governance rather than active management of Risk. Hence, it is necessary to clearly understand the distinction between these two functions.

Risk Management refers to the practice of identifying potential risks in advance, analyzing them, and taking precautionary steps to reduce/curb the risk. It relates to the process of minimizing the harm and maximizing the opportunities that risks present to an organization. Risk management is closely linked to the operational processes to facilitate informed business decisions.

On the other hand, Risk Governance is the oversight of the risk management program to ensure that the program is being managed properly and that all regulatory and reporting obligations are being met. Framing risk management policies and putting in place a proper risk management structure falls under the purview of risk governance.

You could say risk management is like the mechanic who makes sure the vehicle runs properly and risk governance is like the vehicle inspector who makes sure the vehicle is still roadworthy. To put it differently, Risk Governance is more about effectiveness while Risk Management is more about efficiency.

Risk Governance and Risk Management can never be completely effective in isolation; each business needs to incorporate both into its operations to be successful.

Boards have a difficult task in overseeing the management of the increasingly complex and interconnected risks that are a threat to the survival of businesses. To effectively exercise its risk oversight role, there is a need for the Board to build a strong risk culture in the organization. Mind-sets and behaviors of individuals and groups inside the organization play a crucial role in the execution of a company’s enterprise-risk-management strategy. Unless managing risk is an organizational imperative – and line personnel are aware of and own the risks their operating activities create – it is difficult for any CRO to be successful. The enterprise’s risk culture drives the “everyone is responsible” view. That view starts at the top. The risk culture should be deeply embedded in the organization, so that changes in the economic cycle, leadership, and staff turnover do not make the culture disappear.

The first step to establishing the importance of risk culture to an organization is beginning a conversation between the Board and management regarding setting the “Tone at the Top”. This is generally interpreted as setting a high bar for honesty, integrity and ethical behavior, which becomes a foundation stone for a robust, resilient and ethical culture.

The various risks that the Board has to deal with fall into categories like governance risks, critical enterprise risks, business management risks and lastly emerging and non-traditional risks (such as climate change and disruptive technological innovation) that are not normally on management’s radar but will impact the organization’s business and are likely to be disruptive to the business.

The Board’s responsibilities are to oversee organizational activities and risks, while risk management rests with senior management and ownership of risks resides in the business units. It is very important that the Board monitors the alignment of strategy, risk, controls, compliance, incentives and people. Properly aligning these elements ensures that there is not likely to be a disconnect between a company’s strategy and its execution. It’s important for the Board to assess whether the company’s risk management system, its people and processes, are appropriate and well resourced.

While an organization can appoint a “best in class” CRO that ticks all the necessary CRO boxes, if the organization does not fully embrace and acknowledge the role, it will be doomed to fail from the outset. It is

