Who is accountable for your risk?
HOPE KIWEKETE discusses how risk stewardship drives risk accountability
In the spirit of good stewardship, business leaders and their government counterparts are continually providing assurance to their stakeholders on how diligently they are managing their valuable resources.
The Cambridge Advanced Learner’s Dictionary and Thesaurus defines stewardship as: “Someone’s stewardship of something is the way in which that person controls or organises it.” There are numerous illustrations of how stewardship could be realised, hence this is not comprehensive discussion.
Management must tell the risk story
Why tell a risk story? A lot is at stake, such as achievement of business objectives. Risk stewardship demands more than the appointment of risk champions in the relevant functions or departments.
Management should take responsibility to inform stakeholders of the risks faced by the organisation. This should be followed by putting risk-control measures in place to mitigate the risks.
Assign and accept accountability
Some organisations might outsource the management of their risks. However, those within the organisation who have been given the mandate to provide risk oversight still have to accept accountability. The day-to-day operational activities ultimately require management to incorporate risk management into their operations. Risk stewardship therefore requires managers to own up to their responsibilities.
Reliability and availability of risk information
The ISO 9001:2015 Quality Management Systems standard outlines seven principles related to quality management, one of which is evidence-based decision-making. This requires reliable information – whether it emanates from inside or outside the organisation.
Similarly, putting risks “under the carpet”, or fine-tuning risk improvement to indicate an improved risk maturity, should be avoided if risk stewardship is to be realised. The availability of risk information also needs to reach management and leaders timeously.
Break down risk-management silos
Risk stewardship might be influenced by the risk culture of an organisation. It requires that everyone in the organisation is familiar with, and aware of, situations or events that might impact their respective functions from achieving their objectives.
A silo approach to how risks are managed will not improve morale, let alone risk ownership. Breaking down silos compels personnel to have confidence in speaking out when they hear about, or observe, risk-mitigation control measures being ignored or failing.
Ensuring that risk stewardship becomes a fabric of an organisation’s risk-management approach holds everyone accountable to steer risk improvement into an organisation’s context, yet being aware of risks impacting, or likely to impact, an organisation may be overwhelming to some of us.
However, additional approaches – such as management telling the risk story, assigning and accepting accountability, the availability and reliability of risk information, as well as breaking down silos – will go a long way in ensuring risk accountability is enabled through risk stewardship.