IERP® Monthly Newsletter Issue 3/ August 2018 | Page 10

9 The IERP®Monthly Newsletter August 2018

The discussion in this session revolved around the insights gleaned from creating a risk-aware risk culture in their organizations.

Key Takeaways

- Risk management should not be about micromanaging. An enterprise-wide awareness of risk can foster proactive initiatives in employees, contributing to a cohesive effort of working towards common objectives.

- It's vital to get buy-in at the top as well as to create positive associations with risk, rather than have risk management be one done out of a mandatory nature. Capability building and training is necessary to create a network of risk champions.

- Risk management frameworks should not be made over-complex; lean, simplified processes and templates will be easier to engage with across all business levels.

- Risk appetite statements are often difficult to apply organization-wide as they are often not linked to value. Strategic thought should be put into them so that they can be put to practical use top-down.

- Responsibility and accountability sits with the leaders/ respective business units, while the risk manager's role is to facilitate and implement the risk frameworks, and to ensure all processes are running smoothly.

Panel Discussion: Embedding Risk Culture

Moderator:

Nasiruddin Abdullah, Former General Manager, Barakah Offshore

Panelists:

Anita binti Esa, Head, Group Risk Management, CCM Duopharma Biotech

Mohd Shahari Idris, Director of Group Risk Management, Kumpulan Perangsang Selangor

Daniel Atkin, Director of Enterprise Risk Management, Country Fire Authority (Victoria, Australia)