

Client: AuditBoard, Inc.
Format: Guide
Size: 2.38 MB
Language: English
Date: 20.02.2025
How to Build a Strong Risk Management Culture
A risk is defined by The IIA as the positive or negative effect of uncertainty on objectives. Traditionally, risk management has focused on known or familiar risks, and this remains vital to organisations. However, the macro environment is increasingly characterised by new and emerging risks — it is almost impossible to describe it without using words like volatile, uncertain, complex, and ambiguous. Acronymised as “VUCA” by the Harvard Business Review, it’s a short way of saying “Hey, it’s crazy out there!”
Although commonly discussed, the concept of emerging risk is less often defined. The Institute of Risk Management’s definition is “a risk that is evolving in areas and ways where the body of available knowledge is weak”. Crucially, emerging risks are ambiguous, chaotic, complex, and uncontrollable. This makes it difficult to apply our normal risk management tools.
Whilst uncertainty is challenging, we can learn from what we know and apply it to these new and unfamiliar situations. There is never zero risk. We must build resilient, efficient, streamlined processes that are agile and adaptable. We should move away from traditional RCSAs (risk and control self-assessments) and operate both a bottom-up and a top-down approach to ERM.
An effective response to new and emerging risks must include:
- Better horizon scanning through proactive, future-focused scenario planning, looking externally, and staying abreast of global trends in industry and regulatory changes.
- Improved education and upskilling in management, risk functions, and internal auditing.
- Adoption of the full potential of technology, including AI, advanced data analytics, and process automation.
Download "Develop a Strong Risk Culture" to read more about each of these areas, and to get the questions audit and risk professionals should ask to evaluate the effectiveness of their ERM programme.