• Robert Bell

With change comes risk...


Agility and, therefore, change are beneficial to all organisations; being able to change products, services and internal processes allows a firm to stay ahead of competitors. But with change comes risk, which must be managed correctly in order to maximise the benefit of the change by minimising the risks associated with it. Technology undoubtedly plays an important role in the modern regulated firm’s approach to risk management.

What does good risk governance look like?

Imagine a scenario. Your risk management team meets with each department quarterly to hold a risk review. Risks are identified, logged on your brand new risk management system, mitigation is proposed by the risk owner and, again, recorded on the system. At the monthly risk committee the risks and proposed mitigating actions are debated and actions are agreed. The committee also ensures that previous mitigating actions are updated, with any amends re-debated.

Everything sounds great with the above scenario, but what is missing?

That’s right, your senior managers are not gaining a “bird’s-eye view” of the risks affecting the business and the development of mitigating actions to control those risks.

Risk Governance

Governance is the process by which senior individuals administer the organisation; this is always reliant upon being able to achieve a “bird’s-eye view”.

Risk governance, therefore, applies governance to the conventions, processes and mechanisms by which decisions about risks are taken and implemented.

Your risk governance must address the following questions:

  1. Do people within your firm understand the consequences of the risk?

  2. Do they have the capacity to mitigate and manage the risk?

  3. Does the firm have the resilience to deal with unavoidable consequences of the risk?

  4. What process do we have in place to address elements of the risk or its mitigation we are uncertain about? To what extent should these be used?

What does good risk governance look like?

Carrying on with our ideal scenario, you might be used to the risk committee pulling together reports for senior managers to discuss at certain governance or board meetings, but there is a better way.

A fluid third line, reporting into senior managers, prevents the risk team from presenting, or failing to present, inaccurate information and issues that they want to display. Imagine a third line of defence which has access to the risk management system, reviewing its usage each week to benchmark use against the company’s agreed risk management process and industry best practice. Truly independent reports can then be produced for senior managers alongside the usual risk updates.

To achieve this best practice we have teamed up with Dynamatix to create a first-rate risk management service. The service uses the risk management system of Dynamatix overlaid with consultancy from RB Compliance Consultancy Ltd. We consult with you initially to agree a robust risk management process, then we review your usage of the system, ensuring that the risks you are raising are actually risks, have been raised correctly, that you are identifying economic/industry-wide risks and that you are acting in accordance with policies.

We keep you on track throughout your entire risk management process before reporting process, or lack of, to senior managers! It is the ultimate system for firms looking to get ahead of the game.


© 2020 by RB Compliance Consultancy Ltd.

Registration No: 07904749.  All rights reserved. 