top of page
Stephanie.jpg

Join     today

Enjoy all the member-exclusive resources

Niecristal
Circle

Writer's pictureNiecristal

Why you might not have achieved your Target Risk Ratings

Have you ever wondered why you seldom achieved your planned/expected Target Risk Ratings by year-end?


Here's a quick self-check exercise to discover the key areas you might have to look into:


Have you ever wondered why you seldom achieved your planned/expected Target Risk Ratings by year-end?  Here's a quick self-check exercise to discover the key areas you might have to look into

Have you ever wondered why you seldom achieved your planned/expected Target Risk Ratings by year-end? Here's a quick self-check exercise to discover the key areas you might have to look into, what might have gone wrong? By Stephanie Cristal D.

Has there been a change or shift in the business market and environment affecting your business? Was your Enterprise Risk Profile reviewed timely following that change – not only the risk statements but also the key causes, consequences, controls & mitigations, and the basis of risk exposure evaluation?


Have there been frequent delays and timeline revision for the progress of your identified controls & mitigations? Were adequate resources provided to execute the agreed risk controls & mitigations – including dedicating the right manpower for the jobs, allocating sufficient budget, and setting realistic timelines?

Have the identified controls & mitigations completed or executed well but not making much difference in minimizing your risk exposure? Were the controls & mitigations effectivein addressing the key causes & consequences identified for your risks? Did the risk profile nail on the accurate causes & consequences for the identified risks?

Have some of the actual target risk ratings been acceptable to your business operations even though they are higher than planned? Were your target risk ratings set too low unrealistically in the first place? Could your risk appetite be much higher than what you previously thought your business could absorb at most?

Sometimes, you do have the right controls & mitigations and they are effectively implemented, but your risk exposure has not been reduced because the controls & mitigations in place serve to prevent the risk from escalating further rather than to minimize the risk exposure. This happens when the risk is somewhat inherent in nature.


Now that you have gone through the four possible areas to assess why you might not have achieved your Target Risk Ratings, can you relate to any of these gaps in your current enterprise risk management?


Share your thoughts and key takeaways with me in the comment.

15 views0 comments
bottom of page