There is no doubt that the challenges of globalisation, digitisation and new technology, combined with the pace of change and the increasing complexity and aggregation of risks, are putting more demands on boards, which retain ultimate responsibility for managing risk and compliance. With the increased transparency of operating environments and the potential need for instant response to any incident, the challenge of becoming and being a resilient organisation is already material and steadily increasing.
What has remained the same is the criticality of good risk management. Organisations continue to face crises. Some of these have been external, caused by unforeseen events or lack of planned response, while others have begun inside the organisation, with senior management taking poor decisions, condoning bad practice or being compromised by the actions of their colleagues.
This guide has three main aims:
• Changing risk requirements: to provide risk managers with an understanding of the changing governance and risk management expectations of the board and guidance on how to approach the new challenges.
• Changing role of risk managers: to support risk managers in understanding the challenges they face in elevating their role from risk manager to risk leader and in moving to an environment with risk leadership expectations.
• Changing risk process: to give risk managers recommendations on how best to measure resilience so that they can ensure resilience across all five principles and to provide practical advice on how to improve resilience.