the five key principles of successful risk management according to Jim DeLoach are presented and discussed in this article.
First, let’s congratulate Jim DeLoach for his recent recognition by the National Association of Corporate Directors. He received their Directorship 100 award this week.
Now, let’s look at his latest risk management post.
His 5 Key Principles of Successful Risk Management are:
- Integrity to the discipline of risk management
- Constructive board engagement
- Effective risk positioning
- Strong risk culture
- Appropriate incentives
OK.
Each is important.
But are they the key to successful risk management?
Are they half as good as the principles in ISO 31000:2009 or in World-Class Risk Management? The latter are:
- Risk management enables management to make intelligent decisions when setting strategy, planning, making decisions, and in the daily management of the organization. It provides reasonable assurance that performance will be optimized, objectives achieved, and desired levels of value delivered to stakeholders.
- Risk management provides decision-makers with reliable, current, timely, and actionable information about the uncertainty that might affect the achievement of objectives.
- Risk management is dynamic, iterative and responsive to change.
- Risk management is systematic and structured.
- Risk management is tailored to the needs of the organization and updated/upgraded as needed. This takes into account the culture of the organization, including how decisions are made, and the need to monitor the program itself and continually improve it.
- Risk management takes human factors (that may present the possibility of failures to properly identify, analyze, evaluate or treat risks) into consideration and provides reasonable assurance they are overcome.
How about these?
- Focus on enabling success rather than avoiding failure
- Help everybody make informed and intelligent decisions, understanding what might happen and acting accordingly
- Obtain reasonable assurance that people are making quality decisions and taking the right risks
The rest is detail.
Somehow, we need to move the practice away from a periodic review of a list of risks (which Jim refers to as enterprise list management) and to increasing the likelihood and extent of success.
I welcome your thoughts and commentary.
- How effective is your board (or governing body)? - August 14, 2024
- Internal audit and generative AI - July 17, 2024
- A risk-based approach to auditing governance processes - June 19, 2024