To coincide with the launch of our new risk and risk management hub and the first of our subject-based campaigns, we put out a short survey to ask members and our social media followers about their opinions on organisational risk.
In a business context, risk is anything that threatens an organisation’s ability to achieve targets. However, risk can also present opportunity. Risk management refers to the full process of identifying and mitigating risks, and preventing negative impacts.
The results of our poll show that most respondents were optimistic regarding their organisation’s management of risk – 57% of respondents told us that risk was dealt with well or very well, with the remaining 43% selecting ‘neither well nor poorly’. Those who said they manage risk well in their organisation attributed the success to their boards being engaged with the risk management process and using regular monitoring and reporting. 74% of respondents said they believe their organisation's exposure to risk is increasing.
When asked ‘What are the main types of risk that you feel your organisation is susceptible to?’, respondents gave the following options*:
*respondents were able to select multiple options
In our free text question which asked respondents to share additional areas of risk that they were exposed to as an organisation, some highlighted the cost of living crisis and the buoyancy of the labour market creating a risk of staff resignations.
These findings are similar to those of our FTSE 350 Boardroom Bellwether survey.
In our recent blog, Governance and compliance frameworks are a necessary component of effective risk management, we looked at how individuals who really embrace risk will use the data and knowledge that an effective risk framework provides to underpin discussions, decisions and strategic focus. Creating a risk model and framework that is beneficial to the organisation; reflects the sector in which it works; and incorporates any regulatory requirements is a core element of good governance. Aligning this framework to the practicalities of organisational activities and strategic decision-making without stultifying potential should be an ideal for all senior leaders to strive for.
In another blog, we looked at cyber risk management and considerations of all forms of digital risk. All employees have responsibilities for the management of cyber risk; this includes complying with acceptable use policies, reporting potential hacking attacks and not revealing sensitive information on social media. Oversight of cyber risk management activities often lies within the IT team. This team may be supported by the risk function and other specialist functions like HR and compliance, especially in relation to people and legal-related controls.
In response to our final question, ‘What you think would help your organisation deal with risk better?’, better implementation of, or improved risk management processes, ranked highest, alongside the need for more robust electronic systems and data protection.
Another factor highlighted by our respondents was audit reform. If you are looking for more information on this topics, please have a look at our article titled Change is on the cards, which looks at some of the changes that can be expected following the publication of the UK government’s response to the consultation on strengthening audit and corporate governance systems.
The neeed for a robust whistleblowing process was also mentioned, which has recently been a hot topic in sport due to the release of the Whyte Review on the mistreatment within the sport of gymnastics, which we covered in our blog of the same title. A section on our Sports Governance Academy knowledge hub looks at whistleblowing from a sports governance perspective (requires a free registration to access content).
CGIUKI is always looking at ways in which companies have dealt with risk and how we can better provide resources for organisations that would like help with risk management.
To help you find resources on risk, we have put together a webpage with links to our content, including blogs, papers and relevant courses. Take a look at our risk resource hub, and keep an eye out for upcoming blogs on risk-related topics, which we will be releasing every Thursday until 19 September.