Risk governance is the top-down process that directs and aligns risk management to support the goals of the enterprise. The governing body determines the organization’s goals and objectives and also its risk appetite or tolerance. Risk tolerance dictates which risks are acceptable, which risks should be mitigated and which risks are unacceptable.
Effective Risk Governance
Risk governance can be difficult and effective risk governance requires visible commitment from the governing body. It is important for the governing body to openly discuss risk, undertake scenario planning and evaluate the potential negative outcomes on the organization. This should happen not only post a crisis but rather during periods of normalcy.
The risk governance process should focus on the entire enterprise and consider the full spectrum of potential risks and not just quantitative risks.
As risk management extends into daily operational management, it is good practice to establish a regular forum for the discussion of the risk framework and key issues at the management level. The formal appointment of a chief risk officer (CRO) in an executive role is also good practice and one that has been implemented in many financial firms post-2008.
Which of the following least likely describes effective risk governance practices?
A. Defining risk tolerance and unacceptable risks after a period of crisis
B. Appointing a CRO to work with the CEO and other executives to build and implement a risk framework
C. Integrating the risk management framework and process into the management level of the organization
The correct answer is A.
Effective risk governance requires the governing body to openly discuss risk, undertake scenario planning and evaluate the potential negative outcomes on the organization during periods of normalcy.
Reading 42 LOS 42c:
Define risk governance and describe elements of effective risk governance