Board of directors
The board of directors is ultimately responsible for the risk management process. The board needs to understand important risks faced by the enterprise and needs to provide guidelines on the enterprise’s risk appetite and risk management process. The board is responsible for continuously ensuring that adequate risk management processes are in place. However, the actual risk management activities must be delegated to the risk management function.
Risk management environment
The risk management environment involves matters associated with people, such as culture, philosophy, how people are trained and developed, and how appropriate behaviour of employees is incentivized, reinforced and compensated.
Culture is an important part of the risk management environment. Endorsement of the appropriate risk management culture by all levels of management within the organization is vital for successful risk management processes. Such endorsement should be evident from management’s attitude as well as from resource allocation. The values of an organization need to reflect that risk management is important. Buy-in (acceptance) from all employees with regard to the importance of risk management is necessary. Accountability should be assigned to business units, divisions and employees for their required input into the risk management process.
Performance of employees should be aligned with risk management objectives. Only in this way will employees be enticed to bring their utmost effort in executing their contribution to ensure appropriate risk management. Adequate performance with regard to risk management objectives should contribute to rewards for the employee.