
Whether a small business or a large enterprise, is everyone in the organisation focused on delivery, operational risk management and the associated actions required by themselves and others?

There has been significant progress in developing tools and techniques for managing risk within organisations, and in accepting that senior management, including board members and trustees, need to be mindful of the risks associated with organisational objectives.

What is organisational risk management?

The organisational risk management process is about identifying and prioritising risks and then controlling and mitigating them.

Organisational risk management is about resilience. It is not just about preventing harm to a business but also about protecting and growing the brand and reputation, so that the business is resilient to future changes arising from internal and external risk.

What is organisational risk focus?

Organisational risk focus is all about looking at the bigger picture and getting everyone in the business on the same page.

If the business is trying to make a change or implement a new initiative, everyone in the company must understand what the business is trying to do and why.

Effectively manage top risks

Senior management should be asking about the organisation’s top risks.

If they don’t know the top risks, how can they plan for them and make the correct risk decisions? They can’t. To prepare for the future, they need to know the top risks. This is effective risk management.

Risk monitoring

Regularly monitor the risks to provide risk oversight. This may also include an internal audit as part of the compliance process.

Monitor identified risk using a risk register, matrix, and signature-based risk profile.

Also, monitor internal risks such as missed deadlines or ignored customer requests and external risks like competitors entering the market. These combined provide the overall potential risk exposure for the business.

Contingency planning

Contingency planning depends on the occurrence of an uncertain future event. Such events can significantly impact any organisation, so it’s important to know what contingency plans are available and how prepared the business is for the unexpected. Which of the risks the business faces require a contingency plan?

Communicate risk appetite and risk tolerance

A business’s risk appetite is the significant risk it is willing to take to achieve its goals. The organisation needs to articulate its risk appetite and define its risk tolerances for managing the business.

Continuous risk identification

The business should have a continuous risk analysis process to undertake risk identification reviews and to update its risk assessment and its control and mitigation strategies. This will ensure that the business is always considering new emerging risks and can act proactively to avoid, accept, reduce or transfer an emerging risk.

Understand the key assumptions underlying the risk management strategy

The business needs to understand the assumptions made about the significant key risks underlying its risk management strategy, so that it is aware of any changes in external factors that could affect those assumptions. In addition, it’s crucial to align the competitive intelligence process with the business’s strategic risk management process.

Sociability vs solidarity model

Each organisation has a unique cultural approach, a culture that may or may not be helpful in successful risk management. Moreover, individual language styles, values, beliefs and priorities towards risk contribute to, are affected by and influence the organisation’s culture.

The sociability vs solidarity model (Goffee and Jones, 1998) considers culture in two dimensions:

  • sociability (people focus – based on how well people get on socially)
  • solidarity (task focus – based on goal orientation and team performance)

Figure: Sociability v Solidarity (Double S) Model. Source: Institute of Risk Management, 2013. Risk Culture: Resources for Practitioners.

The model identifies four distinct organisational cultures, described as:

  • Networked (high people focus, low task focus)
  • Communal (high people focus, high task focus)
  • Mercenary (low people focus, high task focus)
  • Fragmented (low people focus, low task focus)

The Institute of Risk Management research indicates that organisations should strengthen their sociability and solidarity ratings to implement risk management effectively. Low scores on either factor create a barrier to the effective management of risk.


There is a lot more to risk management than just protecting the business. The business needs to protect and grow the company’s brand and reputation – it needs to be resilient!

What’s the first thing you should think of when you start working in a business? Should it be revenue and profit? Probably not.

The first thing should be the organisational risk focus on resilience. This includes understanding key risk indicators, strategic objectives, and business strategy.

Senior managers must balance business risk management and resilience to achieve the business objectives. This will help address the threats and opportunities the business faces.

It is a competitive advantage that most businesses overlook.

Organisation risk focus sources

Goffee, R. and Jones, G., 1998. The Character of a Corporation: How Your Company’s Culture Can Make or Break Your Business. New York: Harper Collins Business.

Institute of Risk Management, 2013. Risk Culture: Resources for Practitioners.

Institute of Risk Management, 2017. Risk Culture: Resources for Practitioners.
