Recently I had the honor of being part of a panel discussion on “Risk Management Mistakes Many Companies Make”.
The session was moderated by an independent director, and the other panelists included:
- A CRO and Head of Risk of a life insurance company
- Head of GRC for India and SAARC for a reputed GRC company
- Head of Internal Audit of a telecom company
Some of the key takeaways on mistakes organizations make:
- Lack of sponsorship for ERM
- Lack of defined ownership
- Lack of accountability
- Copy-pasting from another company operating in the same domain
- Putting ERM in the internal audit role
- Lack of separation between the role of ERM and other risk and assurance service providers
- Treating the risk register as the end of the ERM process
- Quarterly refresh of the risk register
- Credit risk/finance risk is mature; operational risk still has a lot of ground to cover
- Lack of honesty and transparency
- Inability to define a common terminology
The following could be added to the list:
- Inability to define objectives
- Lack of linkage between risks and objectives
- Fixing accountability for risk management on facilitators
Some reference material that is useful to the reader:
- The Six Mistakes Executives Make in Risk Management
- Common Risk Management Mistakes
- 5 More Common Risk Management Failures
- The Top Ten Risk Management Mistakes
- 12 Common Mistakes Risk Managers Make
Call for action:
Inputs/comments/suggestions: I welcome inputs, comments and suggestions from readers on how to approach this issue. Feel free to correct me, educate me.
Share the article: If you like it, share it. If you share it with others and they comment, we will all learn more.
(Disclaimer: The views expressed constitute the opinion of the author and the author alone; they do not represent the views and opinions of the author's employers or supervisors, nor do they represent the views of organizations, businesses or institutions the author is, or has been, a part of.)