Aligned assurance cannot be successful while siloes separate the three lines of an organisation and those functions within. Our members – risk leaders around the globe – have been benchmarking ways to share data and communicate effectively with other functions, plus the wider business, for better risk-based decision-making and assurance.
Forward-thinking risk professionals want to avoid the danger zone of risk management becoming too focused on processes (the tick-box exercises) and having the wider business perceive it as simply an administrative task.
They want risk management to be understood, and proactively leveraged, as something useful to inform better decision-making.
Collaboration between functions – ERM; legal; compliance; audit, procurement, finance – and even between these group-level functions and the wider business, can help achieve this.
It can take the form of collaborative risk workshops that bring together different areas of the business to identify and mitigate risks together; establishing or enhancing an existing management-level risk committee; redesigning your governance model for better collaboration between group and local level; or getting several perspectives in the room when you report on risk interconnectivity.
Of course, the increasingly popular method for enhancing collaboration is to establish an aligned assurance programme (here are five common questions about doing so).
At the heart of successful collaboration? Data, analytics, and knowledge.
Our members – risk leaders around the globe – have been benchmarking ways their businesses share data and communicate effectively during our collaborative member meetings and through our bespoke networking assistance opportunities.
Our latest Intelligence paper details the insights and experiences members shared with their peers over what makes a successful aligned assurance programme, which can be collated into five key considerations:
1) Establishing a common language for risk
One of the most pivotal steps, to be completed at the beginning of your journey, is to define your wording (or ‘typology’) for risk management across the whole organisation; every company will have to decide upon what its own risk universe looks like.
Members tackle this in several ways, including:
- Dividing risks into economic, environmental, geopolitical and technological categories, as per the World Economic Forum’s PESTEL approach
- Getting the business to think of risk in terms of risk appetite, splitting risks into categories based on strategic, tactical, or operational concerns
- Mapping risks based on the value chain of the organisation
However you decide your risk taxonomy, it needs to be shared and made clear with every function of the business. This isn’t just a matter of culture or communication; it ensures all reports and documentation are produced in line with this taxonomy, making them better understood and therefore useful for all functions.
2) Knowing how to sell collaboration across a business
There is a need to move away from the culture of feeling pressure to solve problems within your own business function – this often leads to ineffective solutions which just push the issue somewhere else in the company.
Instead, members with successful aligned assurance programmes are focused on having the risk function work collectively with other functions to help them develop an end-to-end treatment.
Collaboration can help to avoid the unnecessary duplication of efforts; if you are collecting data from one part of the company about risks they’re facing, and another business unit is experiencing similar risks that need to be mitigated, they may collect the same data and create their own database, which is a waste of both time and resource.
Instead of working in this siloed fashion, a more effective solution would be to create one single database that allows different functions to share information and knowledge. Not only does this share data, but it also opens up opportunity for sharing solutions. And what senior leader or group head does not want to hear solutions?
3) Gathering information for more integrated assurance
You’d be surprised at the number of data points already available within your organisation. These can piece together, like a puzzle, to help keep different functions more informed and better equipped to manage their risks.
Sources can include:
- Findings of management system analysis
- Lists of materialised risks
- The outcome of third party oversight process for supply chain risks
- Public events evaluation
- Risk indicator monitoring data
- Plus more (our Intelligence paper details many more)
To learn about the other key considerations risk leaders have revealed to one another on successful data and knowledge sharing within their organisations, and to read the full report and other intelligence insight from our better practice guidance on assurance, find out more about membership today.