Risk awareness/attitude
(1) In general, a lack of risk awareness means that an organization has an inappropriate risk management strategy.
(2) Risks may not have been identified meaning there will be a lack of control over that risk.
(3) Risk may occur and the control over that risk is not active due to lack of monitoring and awareness.
(4) Continued monitoring within the organization is therefore required to ensure that risk management strategies are updated as necessary.
(5) Risk awareness can be divided into three levels: strategic level, tactical level, and operational level.
(6) Risk attitude is influenced by many factors: (a) response to shareholder demand; (b) the size, structure and stage of development of the organization; (c) the pursuit of business opportunities, say entrepreneurial risk. (d) personal views and cultural influence.
Embedding risk
Organization’s systems/procedures
(1) Embedding risk means that ensure risk management is included within the control systems of an organization.
(2) Embedding risk also means that risk assessment should evolve into a consistent, embedded activity within a company’s strategic, business, budget and audit planning process rather than be executed as a significant stand-alone/separate process.
(3) Embedding risk is a statutory requirement of a code of best practice. To be successful, embedding risk management needs approval and support from the board.
Organization’s culture/values
(1) Embedding risk into system/procedure may still fail unless all workers (board to employee) in a company accept the need for risk management.
(2) Embedding risk into culture and values implies that risk management is ‘normal’ for the organization.
(3) Embedding a risk management frame of mind into an organization’s culture requires top-down communications on what the risk philosophy is and what is expected of the organization’s people.
(4) Whether the culture is open or closed affects the success of embedding risk management within the culture and values of an organization.
,我们将会及时处理。