Page 25 - The Insurance Times January 2022
P. 25

Committee. The Audit Committee is generally focused on
         accurate financial reporting and disclosure, not specifically
         on how risk management might help the business run more
         effectively. The CRO who reports to an Audit Committee or
         a Chief Audit Executive, therefore, ends up being more of a
         risk controller than a risk manager.

         In majority of the institutions, particular in financial
         institutions like Banks and Insurance Companies, the CRO
         reports to the CEO, but has a direct relationship with the
         board by being a member of its various Committees and at
         times of the Board itself.

         As mentioned above, the Board is entrusted with the task
         of oversight or Governance rather than active management
         of Risk. Hence, it is necessary to clearly understand the
         distinction between these two functions.
                                                              managing risk is an organizational imperative – and line
         Risk Management refers to the practice of identifying  personnel are aware of and own the risks their operating
         potential risks in advance, analyzing them, and      activities create – it is difficult for any CRO to be successful.
         taking precautionary steps to reduce/curb the risk. It relates  The enterprise’s riskculture drives the “everyone is
         to the process of minimizing the harm and maximizing the  responsible” view. That view starts at the top. The risk
         opportunities that risks present to an organization. Risk  culture should be deeply embedded in the organization, so
         management is closely linked to the operational processes  that changes in the economic cycle, leadership, and staff
         to facilitate informed business decisions.           turnover do not make the culture disappear.

         On the other hand, Risk governance is the oversight of the  The first step to establishing the importance of risk culture
         risk management program to ensure that the program is  to an organization is beginning a conversation between the
         being managed properly and that all regulatory and reporting  Board and management regarding setting the “Tone at the
         obligations are being met. Framing Risk management policies  Top”. This is generally interpreted as setting of a high bar
         and putting in place a proper risk management structure falls  for honesty, integrity and ethical behavior which becomes
         under the purview of risk governance.                a foundation stone for a robust, resilient and ethical culture.

         You could say risk management is like the mechanic who makes  The various risks that the Board has to deal with fall into
         sure the vehicle runs properly and risk governance is like the  categories like governance risks, critical enterprise risks,
         vehicle inspector who makes sure the vehicle is still roadworthy.  business management risks and lastly emerging and non-
         To put it differently, Risk Governance is more about  traditional risks (such as climate change and disruptive
         effectiveness while Risk Management is more about efficiency.  technological innovation.) that are not normally on
                                                              management’s radar but will impact the organization’s
         Risk Governance and Risk Management can never be     business and are likely to be disruptive to the business.
         completely effective in isolation, each business needs to
         incorporate both into its operations to be successful.  The Board’s responsibilities are to oversee organizational
                                                              activities and risks while risk management rests with senior
         Boards have a difficult task in overseeing the management  management and ownership of risks resides in the business
         of the increasingly complex and interconnected risks that  units. It is very important that the Board monitors the
         are a threat to the survival of businesses. To effectively  alignment of strategy, risk, controls, compliance, incentives
         exercise its risk oversight role, there is a need for the Board  and people. Properly aligning these elements ensures that
         to build a strong risk culture in the organization. Mind-sets  there is not likely to be a disconnect between a company’s
         and behaviors of individuals and groups inside the   strategy and its execution. It’s important for the Board to
         organization play a crucial role in the execution of a  assess whether the company’s risk management system, its
         company’s enterprise-risk-management strategy. Unless  people and processes, are appropriate and well resourced.

                                                                        The Insurance Times, January 2022 25
   20   21   22   23   24   25   26   27   28   29   30