Managing, monitoring and mitigating risk




               2.2 Embedding risk

               The aim of embedding risk management is to ensure that it is ‘part of the way we do
               business’.


               Considered at two levels:

                    embedding risk in systems

                    embedding risk in culture.

               In systems:


                    ensuring that risk management is included within the control systems of an
                     organisation


                    a control system helps ensure that other systems (e.g. the accounting system)
                     are working correctly

                    not seen as a separate system


                    embedding risk management needs approval and support from the board.

               Note: In many jurisdictions, this is a statutory requirement (e.g. US) while in others it
               is a code of best practice (e.g. UK).

               In culture:

                    needs to be embedded into policies and procedures in an organisation

                    all workers in a company (board to employees) accept the need for risk
                     management

                    embedding into culture and values therefore implies that risk management is
                     ‘normal’ for the organisation.

























                                                                                                      201