Controlling risk




               2.2 Embedding risk

                             The aim of embedding risk management is to ensure that it is ‘part of
                             the way we do business’


                             Considered at two levels:

                                  embedding risk in systems

                                  embedding risk in culture


               In systems

                    ensuring that risk management is included within the control systems of an
                     organisation


                    embedding risk management needs approval and support from the board

               NB  In many jurisdictions, this is a statutory requirement (e.g. US) while in others it is
               a code of best practice (e.g. UK).


               In culture

                    needs to be embedded into policies and procedures in an organisation.

                    all workers in a company (board to employees) accept the need for risk
                     management.

                    embedding into culture and values therefore implies that risk management is
                     ‘normal’ for the organisation


































                                                                                                      141