The risk intelligent chief audit executive

Of our many human foibles, complacency and denial rank among the most pervasive. Examples of evidence ignored and realities refuted abound in politics, in business, and at the individual level, often leading to unfortunate outcomes.

The concept of risk offers a prime case in point. Despite the fact that risk permeates virtually every aspect of our personal and professional lives, calamity is often perceived as something that happens to the other guy, not to us.

For businesses, this perception can be dangerous indeed. In a time of intense competition, increased scrutiny, and escalating threats, a broad perspective and lucid thinking about the true risks facing a company become more important than ever. Yet, in our experience, few enterprises openly consider the possibility and consequences of failure, of bad luck, or of catastrophic loss.

This situation provides an opening for the chief audit executive (CAE). In today’s environment, as a CAE, you have a unique opportunity to help make significant improvements in enterprise risk management effectiveness and efficiency. Your mission — should you choose to accept it — is to fight complacency and denial by enabling the enterprise to acknowledge, understand, and address relevant risks and thereby seek to reduce costs.

Your challenge? To lead the charge for change; to galvanize support for an ambitious agenda; and to overcome the doomsayers and the "negative thinkers" (without being portrayed as one yourself!).

We define risk as the potential for loss or the diminished opportunity for gain caused by factors that can adversely affect the achievement of a company’s objectives. Note that this definition encompasses risk’s dual nature, representing at the same time the potential for both loss and reward. The distinction is key: We believe that companies that focus solely on risk avoidance may survive but rarely thrive; only those that intelligently manage risk taking as a means to value preservation and value creation will excel in today’s perilous yet opportunity-rich business environment.

Risk/reward picture

Your role as today’s CAE, then, is to help determine that management is keeping the enterprise’s risk/reward picture in balance, both preserving and creating value, by taking a holistic approach to the management of risks across the enterprise.

As a top-performing, high-value CAE, you can help develop a common understanding of the different types of risks, including regulatory and contractual compliance, competitive, environmental, security, privacy, business continuity, strategy and execution, reporting, and operational.

You can also help evaluate the efficiency and effectiveness of how risk information is shared and managed across business activities and functions, while helping improve the enterprise’s capability to prevent, detect, correct, and escalate critical risk issues.

This approach can reduce the cost of risk management by sharing risk information and coordinating the responses of existing risk management functions. In so doing, the overall effectiveness and efficiency of risk management can be improved.

As a CAE, you can bridge the gap with operating management by speaking their language, framing the risk discussion in terms of growth, profitability, and shareholder value creation.

Risk Intelligent CAEs understand their companies’ value and growth objectives and how the different types of risks, when not effectively and efficiently managed, can contribute to a failure to achieve these objectives.

You can help focus and steer the activities of internal audit and other functions involved with risk management toward a more integrated and holistic approach, helping the company manage the risks most critical to the achievement of its objectives: that is, to make more money and to reduce the burdens of risk management and compliance.

Bridge the silos

Risk management is nothing new. In fact, plenty of sophisticated risk management practices already take place within most companies. The finance department manages credit risk; IT handles security and privacy risks; and so on. Unfortunately, these risk specialists often work in organizational and/or physical isolation: they don’t talk in the same business terms and often measure risks using different criteria.

Of course, risks don’t exist in isolation. A privacy risk can evolve into a reputational risk, a litigation risk, and a financial risk, all in short order.

Your challenge as a CAE is to assist the enterprise in integrating risk information across all organizational boundaries. By facilitating the development of a uniform governance, risk, and compliance framework, you can help bring together — often for the first time — an integrated view of the enterprise which can lead to a better understanding and response to risks and how they may interact, while also reducing the burden on the business.

You can also act as a catalyst and enabler by getting risk specialists talking to one another; developing a common risk language and harmonizing the way risk is identified, assessed, and measured; so that risk intelligence can be shared across specialist silos.

For example, if there are multiple risk and control self-assessments being performed today, how valuable would it be to your company to reduce that number and yet get better information and intelligence as a result?

Your answers to questions like this are critical in determining whether your current risk assessment model is Risk Intelligent and, if not, where to improve.

The majority of companies today, even the largest and most forward thinking, can always improve their Risk Intelligence. It does not have to be a complex and multilayered undertaking. As CAE, you can act as an enabler and catalyst to develop an integrated means to improve your company’s Risk Intelligence capabilities.


The views expressed in this article are those of the author and not necessarily those of the firm.