Page 74 - IRMSA Risk Report 2020

RISK MANAGEMENT ADEQUACY, EFFECTIVENESS AND MATURITY

1. Expect risk management to be more real-time and less driven by the annual plan or the quarterly reporting opportunities.
2. Request a risk maturity assessment at least every three years to assess independently the organisation’s risk maturity.
3. Risk management capabilities must include quantitative and analytical skills as this may make risk management more predictive and support the business’ strategy with alternative futures, which will lead to better decision-making.



[Figure: three stacked bar charts showing the percentage of responses (0% to 100%) by respondent role. Chart values are not recoverable from the text.]

Respondent roles (vertical axis, all three charts): Functional Management; Operational Management; Company Secretary; Other Assurance Roles (e.g. Audit, Compliance, Ethics); Risk Consultant/Professional; Risk Practitioner; Risk Manager; Chief Risk Officer/Head of Risk; Chief Operations Officer; Chief Financial Officer; Chief Executive Officer; Non-Executive Director or Committee Member.

DOES YOUR ORGANISATION MEASURE ITS RISK MANAGEMENT MATURITY?
    Yes - we measure it and actively base continuous improvement based on our findings
    Yes - we measure it and report on it annually as part of our maturity journey
    Yes - we measure it as a compliance exercise
    No - we are not able to or do not see the need to measure our maturity level
    No - We do not know how to measure the adequacy and effectiveness of our risk management maturity
    No - We do not see the need to measure the adequacy and effectiveness of our risk management maturity

HOW DO YOU MEASURE THE ADEQUACY AND EFFECTIVENESS OF YOUR RISK MANAGEMENT PROCESS?
    We continually explore innovative ways to actively demonstrate the adequacy and effectiveness of our process
    We have a clearly defined process, which is optimally incorporated into our combined assurance process
    If we have no audit findings on the risk management process, we consider it adequate and effective
    We do not know how to measure the adequacy and effectiveness of our risk management process
    We do not see the need to measure the adequacy and effectiveness of our risk management process

WHAT IS YOUR ORGANISATION’S RISK MANAGEMENT MATURITY LEVEL?
    Intelligent - systems thinking, predictive capability and scenarios inform strategy and decision making
    Optimising - we have continuous, integrated risk management processes
    Managed - automated, quantitative process is in place
    Defined - we have a basic, standardised risk management process in place
    Initial - our risk management process is informal and ad hoc

GRAPHS 6: RISK MANAGEMENT ADEQUACY, EFFECTIVENESS AND MATURITY.










