Risk Management is an often overlooked or, even, misapplied process. Often seen as a tick the box exercise by many of the smaller thinking financial services companies.
Good risk management doesn’t just work with the obvious and known risks, but a good governance, risk and compliance (GRC) framework will provide the firm the process and ability to dig deeper, raise questions, and even reveal previously unidentified, clarified or identified risks. By having effective controls it can create a culture of risk awareness and greater voluntary adherence to your compliance framework.
A good GRC framework will look at positive controls as well as negative areas of potentially unidentified risks or inefficiencies, but provide the rigour of a robust risk management framework template and process to manage whatever is found, with complete buy-in and ownership of the process owner impacted.
So what benefit does having positive controls in any risk framework?
Risk events or occurrences, can provide positive outcomes that are better known as ‘opportunities’.
These can take the form of;
- Increased revenues, clarity around processes, reductions in costs and thus regulatory capital.
- A robust and appropriately scalable risk framework template improves the ability and capacity to change quickly and as well as embedding any organisational or regulatory adoptions. It also enables not only an increased ability to deliver strategy in an environment of preventative measures but provides a greater predictability of outcomes, measured against known capacity, workflow and previous outcomes.
- Finally, a seasoned risk manager with good data for only a few months can soon assist in better decision making and resilience when business like hits them with the unannounced and inevitable curve-balls.
Risk Management Framework Templates
GRC Frameworks fit together with all types of project management as well as the lowest forms of product governance and serves to provide communication to all stakeholders so as to avoid crises. By continually monitoring, with review and revision as necessary, everyone can see how the firm is moving ahead and has confidence in its progress.
Risk Management Framework Steps
Once established and implemented for a firm and their specific size, idiosyncrasies and management style, a risk framework template typically does not require high overhead or senior management involvement.
Initially, Risk Awareness Workshops would need to be hosted and facilitated by specialist consultants for the whole framework to be built, roles identified, governance formalised and the whole risk framework template explained to the staff.
The adaptation of a firm’s existing Governance, Risk and Compliance Management frameworks, including relevant systems and processes, can be done in the background, remotely by the specialist firm. This work is than promoted and launched by the specific risk committee agreed upon, to finalise and transition the firm to the new digitally managed framework.
Larger enterprises will take proportionately longer to implement, but having more data available will be beneficial as the faster learning over a greater number of projects or initiatives will be absorbed by their risk registers, translating into lessons learned.
In one intervention, we were tasked to rewrite the risk framework of a FTSE100 company (see Case Studies). We maintained their risk rating with the risk agencies and saved them 18% of their regulatory capital; a mere £99M. If we ask to work for a percentage of savings, you will understand why.