It is hard not to think about risk, considering that risk incidents are occurring more often; often inflicting worse consequences than the one before, adding to the challenges of an already volatile, uncertain, complex and ambiguous world. The second presentation of the virtual Risk Forum jointly organised by the International Institute of Enterprise Risk Practitioners (IERP®) and the Brunei Institute of Leadership & Islamic Finance (BILIF) saw Nurul Diana Intan Zafirah Ishak, Head, Programme Management Office, Cyberview Sdn Bhd, speaking on what it takes for an organisation to develop a viable risk culture.
ERM professionals often talk about risk culture being the glue that holds frameworks together but what does this entail? Threats can come from any direction, and have a major impact on the business despite companies having set risk management practices, systems, controls, processes and procedures in place. “Statistics show that only a small percentage (of firms) is doing it successfully,” Nurul said. “The failure rate is high.” Unfortunately, many organisations still hold the view that risk is a waste of time, and an additional cost.
“People perceive risk negatively but risk is an enabler,” she pointed out. “Risk management is an art, not a science.” Having started on risk management, not progressing to developing an appropriate risk culture is a waste of resources – but this is a complex undertaking as it involves core values, including individuals’ upbringing and personal values. More than that, risk culture has to be internalised. The first step is to have a formal structure that clearly defines who does what in the organisation, she said. Understanding the processes and procedures of risk management is crucial.
28 The IERP® Monthly Newsletter December 2021