Risk management should be embedded into an organization's culture so that everyone is focused on managing risks. However, good governance involves more than managing risks. It is also about establishing clear control systems, communicating the health of the organization to the capital markets, preventing fraud, ensuring compliance with laws and regulations and, ultimately, gaining value from the compliance process.
Risk management is not the responsibility of a single department — it is the responsibility of everyone, from the chief executive down. Past corporate failures have been attributed to a lack of accountability, strategy and transparency. Tougher expectations by regulators and other stakeholders mean that corporations and financial institutions should demonstrate better discipline, control and responsibility.
Financial risks have probably never been more acute. Capital reserves, credit portfolios, investment policies and capital and debt profiles all demand constant scrutiny to adequately manage and mitigate risk. Companies should also be vigilant about risks associated with their suppliers. A counterparty who defaults on a contract or whose business collapses can have serious financial and reputational ramifications for related parties.
Many companies are more likely to pursue litigation for losses that might incur during more prosperous times, and disputes may develop if organizations blame other parties for inappropriate or negligent behavior that results in financial or business loss.
Increasingly, internal audit is in many companies elevated from pure compliance to a function that regularly reviews the risk profile for emerging risks and identifies trends as it keep its finger on the pulse of business performance. The chief risk officer, meanwhile, becomes increasingly involved in strategic decision-making where the emphasis is as much on risk as it is on growth.
