The fundamental issue here, Angus (and Peter), is that this reliance is borne out by the belief that ownership of the risk is at the lower levels of the organisation.

As I wrote in my blog: RISK TIP # 7 – RISK OWNERSHIP – LET’S TURN IT ON ITS HEAD – this belief that ownership resides at those levels is not only a fallacy; in the case of some very high-profile incidents, it has proved deadly.

I am seeing more and more ‘risk champion networks’ springing up in organisations. My view is that, whilst the intent is well meaning, it insinuates that all of the risk management activities reside across functional areas. This is not the case.

Ask the Board and CEO of AMP who was held accountable for their failings. Ask CBA who was held accountable for the AML issues. Ask the Board and CEO of VW who was held accountable for their scandal.

The bottom line is this:

Just because the incident can (and will) happen within the functional areas – DOES NOT MEAN THEY OWN THE RISK. In every one of the incidents listed above it was the CEO’s responsibility to know what was going on, but because risk management was left to individuals and champions outside of a well-structured framework where assurance of conformance to controls is constantly monitored, when it came to light they had no idea.

Everyone has a role to play in the management of risk – but risk management is not everyone’s responsibility.

