Wherever I go, clients tend to ask me the same two questions – what are the top risks you are seeing right across Australian organisations and how can we make those risks real and manageable for the first line of defence?
I'll tackle the first question first. But before I do, remember that risk is an incredibly fluid thing – new risks emerge and redundant risks retire as technology and cultures change.
One of the biggest challenges in managing the galaxy of sector specific and individual business risks Australian organisations face is getting the first line of defence fully engaged.
We believe there are some key ways organisations can work towards a more engaged first line:
Awareness. It starts with ensuring that everyone is aware of the key risks the organisation faces. It's important to prioritise these risks, rather than overwhelm your workforce with a huge array of risks. When they’re aware of which risks are more problematic, they understand where to best focus their attention.
Communication. The next critical step is clearly communicating exactly what each individual is supposed to be doing within the organisation and who they report to. This ensures everyone understands their duties and where they sit in the chain of risk.
Empowerment. Empowering business managers is critical at this point. They need to be supported and it needs to be communicated to the whole first line that the identification of risks and the need for change is rewarded and repercussions exist only for those who fail to call out known risks.
Collaboration. To get to this point, it's helpful if you have a culture where risk and the business work collaboratively. If the risk function is isolated, it's very difficult to embed good risk practice into everyday functions.
Motivation. Incentivising employees is also an important lever. Managing individual risk responsibilities needs to be a KPI for all relevant team members.
You can have the best risk strategy in the business world, but if your first line of defence isn't playing its role, the whole strategy can be compromised. It's as important for organisations to focus as much on the lower level implementation as on strategic planning when it comes to risk. Why? "Because you're only as strong as your weakest link."
© 2017 KPMG, an Australian partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.