RISK MANAGEMENT IN

ORGANIZATION

N E X T
ETH 604- Conflict Resolution
and Risk Management

RANDY A. NABLE
PhD-EM Student
LET’S GET STARTED
Best Practice Risk
Management : Key
Lesson
Risk management is a
critical component of
organizational strategy,
aimed at identifying,
assessing, and mitigating
risks that could impede an
organization's objectives.

4
Lesson 1:
Risk Management
Systems are Both Time
and Organization Specific
 Risk management systems are both time and organization
specific because they need to be tailored to the unique circumstances
and evolving dynamics of each organization and the period in which
they are implemented.

6
 Time Specificity
Changing Environments: The risks that an organization faces can
change over time due to shifts in the external environment, such as
economic conditions, regulatory changes, technological
advancements, and geopolitical events. A risk management system
must be adaptive to these temporal changes.

7
 Time Specificity
Evolving Internal Factors: Within an organization, internal factors
such as changes in strategy, personnel, processes, and technology can
alter the risk landscape. A system that works well at one point in time
might need adjustments to remain effective as these internal
conditions evolve.

8
 Time Specificity
Historical Context: The effectiveness of risk management
strategies can be influenced by the organization’s history and past
experiences with risk. Lessons learned from past incidents, crises, or
successes inform the design and implementation of current risk
management practices.

9
FINDINGS:
 The Impact of New Strategies and Objectives on the Risk
Management System
 The Impact of External Events on Risk Management Systems
 The Impact on New Management on Risk Management
Systems

10
Organization Specificity
Unique Objectives and Strategies: Each organization has its own
set of goals, strategies, and risk appetites. A risk management system
must align with these unique aspects to be effective. For instance, a
high-risk, high-reward strategy in a tech startup requires different
risk management approaches compared to a conservative strategy in
a well-established manufacturing firm.

11
Organization Specificity
Distinctive Operations and Processes: The specific nature of an
organization's operations and processes influences the types of risks
it faces. For example, a financial services company will have
different operational risks compared to a healthcare provider.
Therefore, the risk management system must be designed to address
the particular risks inherent in the organization's operations.

12
Organization Specificity
Cultural Factors: Organizational culture significantly affects how
risks are perceived and managed. Some organizations may have a
culture of risk aversion, while others may encourage risk-taking. The
risk management system must be compatible with the organizational
culture to ensure it is embraced and effectively implemented by all
members.

13
Organization Specificity
Resource Availability: The resources available for risk management,
including financial resources, personnel, and technology, vary
between organizations. A risk management system must be scaled
appropriately to the resources an organization can commit to
managing its risks.

14
Practical Implications
Customization: Risk management frameworks, such as COSO or
ISO 31000, provide guidelines, but they must be customized to fit the
specific time and organizational context.

15
Practical Implications
Integration with Strategic Planning:
Effective risk management is integrated into the strategic planning
process, ensuring that it evolves in tandem with organizational goals
and the broader business environment.

16
Practical Implications
Continuous Monitoring and Adaptation: Organizations need to
continuously monitor their internal and external environments and
adapt their risk management systems accordingly. This involves
regular risk assessments, updates to risk management policies, and
ongoing training for staff.

17
Lesson 2 :
Organizational Culture is
Critical to Risk
Management
Effectiveness
Culture- is often describe as incorporating such as how
things are done, the way in which individuals interact
and the value and the rituals that glue the individuals in
a organization together.

19
 Organizational culture is a cornerstone of risk
management effectiveness, playing a pivotal role in
shaping how risks are perceived, assessed, and
managed within an organization.

20
 The significance of organizational culture in risk management can be
analyzed through several dimensions:
1. Risk Awareness and Perception
2. Behavior and Attitude Toward Risk
3. Leadership and Governance
4. Decision-Making Processes
5. Learning and Adaptation
6. Compliance and Ethics
7. Resilience and Crisis Management

21
 Organizational culture is integral to the effectiveness of risk
management. It shapes the attitudes and behaviors of employees,
influences decision-making processes, and supports the
implementation of robust risk management practices. A culture that
values and integrates risk management into all aspects of operations
enhances the organization's ability to identify, assess, and mitigate
risks, thereby ensuring long-term success and sustainability. Building
and maintaining such a culture requires committed leadership, clear
communication, and a continuous focus on improvement and
adaptation.
22
 Useful tools/questions to monitor the level of
risk awareness and engagement among staff:

1. What is the profile of risk staff/ risk management in

the organization?

2. Is there a culture of openness or a fear in respect of

risk issues?
23
Lesson 3 :
Be Patient ! Building a
Mature and Effective Risk
Management System
Takes a Long Time
 Building a mature and effective risk management
system is a complex and iterative process that
demands patience, commitment, and sustained effort.
Several factors contribute to the lengthy timeline
required to develop a robust risk management system.
Understanding these factors can help organizations
appreciate the importance of patience in this endeavor.

25
FACTORS:
1. Establishing a Risk-Aware Culture
2. Leadership and Governance
3. Developing and Implementing Policies and Procedures
4. Risk Identification and Assessment
5. Integration with Business Processes
6. Technology and Tools
7. Building Resilience and Adaptability
8. Measurement and Continuous Improvement
26
4 Stages Process
1. Formulate a Code of Conduct / Ethical Framework
and Establish Core Risk Boundaries
2. Develop a Risk-Aware Culture
3. Develop Standardized Control Tools to Create
Organizational Coherence in Risk Management
4. Look Onwards and Redefine Enterprise Boundaries
in Terms of Risk Management
27
Lesson 4 :
Risk Management and
Performance Don’t
Always Agree
 Risk Management and Performance Don’t Always Agree
is a critical concept in understanding the balance between
achieving business objectives and maintaining an acceptable
level of risk. This lesson highlights the inherent tension between
the pursuit of high performance and the necessity of effective
risk management.

29
1. Conflicting Objectives
Performance Goals vs. Risk Controls: High performance often
requires taking risks to capitalize on opportunities, innovate,
and achieve competitive advantages. However, risk
management aims to identify, mitigate, and avoid potential
threats that could harm the organization. These objectives can
be at odds, as aggressive pursuit of performance may involve
accepting higher levels of risk, while rigorous risk management
may constrain potential performance gains.
30
1. Conflicting Objectives
Short-Term Gains vs. Long-Term Stability: Performance
metrics typically focus on short-term financial results, market
share growth, and operational efficiency. In contrast, risk
management prioritizes long-term stability and sustainability,
often advocating for more conservative approaches that may
sacrifice immediate gains to avoid potential future losses.

31
2. Organizational Culture and Incentives
Cultural Misalignment - Organizational culture significantly
influences the balance between performance and risk
management. A culture that prioritizes short-term performance
and rewards high achievers without regard to the risks taken
can undermine risk management efforts. Conversely, a risk-
averse culture might stifle innovation and performance by
excessively focusing on avoiding risks.

32
2. Organizational Culture and Incentives
Incentive Structures - Performance-driven incentives, such
as bonuses tied to financial targets, can encourage risk-taking
behavior that overlooks potential downsides. If risk
management is not equally incentivized, employees might
deprioritize it, leading to imbalanced decision-making that
favors performance at the expense of risk control.

33
3. Decision-Making Processes
Risk-Adjusted Decision Making - Effective decision-making
should incorporate both performance and risk considerations.
However, in practice, decisions often lean towards
performance metrics due to their tangible and immediate
nature. Risk management perspectives, which are more
abstract and long-term, might be undervalued in the decision-
making process.

34
3. Decision-Making Processes
Cognitive Biases - Human biases, such as overconfidence
and risk tolerance, can skew decisions toward performance
objectives. These biases can lead to underestimating risks and
overestimating potential rewards, further exacerbating the
disconnect between risk management and performance.

35
4. Resource Allocation
Competing Priorities - Resources allocated to enhance
performance, such as investments in new technologies or
market expansions, might compete with resources needed for
robust risk management, such as implementing new
compliance systems or conducting thorough risk assessments.
Organizations often face difficult choices in balancing these
priorities, and under-resourcing risk management can increase
vulnerability.
36
4. Resource Allocation

Cost of Risk Management - Effective risk management can

be costly and time-consuming, requiring significant investment
in technology, personnel, and processes. These costs can be
perceived as detracting from funds available for performance-
enhancing initiatives, leading to potential underinvestment in
risk controls.

37
5. Regulatory and Compliance Pressures
Regulatory Requirements - Regulatory compliance is a key
aspect of risk management that often imposes strict controls
on organizational activities. These regulations can limit
operational flexibility and slow down business processes,
conflicting with performance-driven objectives that emphasize
speed and efficiency.

38
5. Regulatory and Compliance Pressures
Compliance Costs - Meeting regulatory requirements incurs
costs that can impact financial performance. Organizations
must balance the need to comply with regulations and manage
risks against the desire to maximize financial performance and
shareholder returns.

39
6. Strategic Alignment
Balancing Act - Achieving alignment between risk
management and performance requires a strategic approach
that integrates both elements into the organization's goals and
processes. This involves setting a clear risk appetite that
defines acceptable levels of risk relative to performance
objectives and ensuring that all strategic decisions consider
both risk and performance impacts.

40
6. Strategic Alignment
Integrated Frameworks - Developing integrated risk
management frameworks that align with business performance
goals can help bridge the gap. These frameworks should
include risk-adjusted performance metrics, cross-functional
collaboration, and continuous monitoring and feedback loops
to adapt to changing conditions.

41
 The lesson that risk management and performance don’t always
agree underscores the complex interplay between these two critical
aspects of organizational success. Striking the right balance requires
careful consideration of conflicting objectives, cultural and incentive
alignments, robust decision-making processes, appropriate resource
allocation, and strategic integration. By recognizing and addressing these
challenges, organizations can develop a more holistic approach that
ensures both high performance and effective risk management, ultimately
leading to sustainable success and resilience in the face of uncertainties.

42
Thanks!

44
Reference:
45
Learning Activity:

1. What are the fundamental principles of effective risk management,

and how can organizations integrate these principles into their daily
operations to enhance risk awareness and mitigation?

2. How can an organization balance the often conflicting demands of

high performance and rigorous risk management, and what best
practices can be adopted to ensure both objectives are met?

3. What role does organizational culture play in the success of risk

management practices, and what steps can leaders take to cultivate a
culture that supports proactive risk identification and management?