Traditional risk management programs focus on managing and mitigating harms – in other words, on avoiding failure.
But survey after survey tell us this approach is not convincing executives and boards that risk management is helping them achieve their objectives. They see it as a compliance exercise: something they have to do rather than want to do.
Norman Marks draws on his personal experience as an executive and builds on the thinking in his previous books, including World-Class Risk Management, Risk Management in Plain English, and Making Business Sense of Technology Risk, to explain how risk management should instead focus on achieving success.
This book explains how a consideration of what might happen can enable informed and intelligent decisions from the setting of objectives and corporate strategies through the daily execution of the business. Those decisions enable the appropriate taking of risk so that the organization has an acceptable likelihood of achieving its objectives.
An assessment of risk management is recommended by a majority of corporate governance codes around the globe and required by the Standards of the Institute of Internal Auditors. The book includes a maturity model that summarizes the attributes of the highest level of maturity envisaged in this book, as well as management surveys that can be tailored for your organization. They can be used as the basis for an assessment by management, the risk officer, or the internal audit team.