At the Society of Actuaries Annual Conference in December 2020, as part of the ‘on-demand’ sessions, Neil Cantle of Milliman outlined a concise and practical approach to reviewing the effectiveness of risk management frameworks.
Whilst the inputs to a risk management framework, such as policies, registers and processes, are clearly important, the focus from an effectiveness perspective was on outcomes. This is aligned with the core purpose of risk management, i.e. helping organisations pursue their business objectives with a degree of confidence that they will achieve them. Neil’s guide on a practical review of effectiveness included the following areas:
Design: Core elements that support informed risk-taking e.g. a well-defined framework, and a risk appetite articulated with clear preferences aligned to business strategy. Evidence of embedding across the organisation was essential, going beyond the risk function, with clear roles & responsibilities set out and well-articulated procedures for identifying, assessing and managing risks. The control environment should evidence controls that prevent and detect.
People: The capacity and capability of the team operating the risk management framework was noted as key, as well as the culture in the organisation. Key attributes to watch for here were the open communication of risks and issues (both up and down the organisation), honest and ethical behaviours, a willingness to learn and curiosity.
Outcomes: In line with the opening theme, the focus here is on key decisions made in the organisation and the behaviours that accompanied them, e.g. whether they were risk-aware, informed decisions consistent with risk appetite. Other aspects for review include the information being shared around the organisation, regulatory feedback and viewing actual examples of risk identification and management action taken.
Future: Finally, evidence of a framework that is not static and that evolves with changes in the operating environment is important. This may be evidenced through the scenario planning that takes place and through learning the lessons of what has worked well and what hasn’t.
Given the events of 2020, Neil noted the need for effective risk management frameworks that are forward-looking and can show the ability to adapt.
A link to Neil’s talk, for those who signed up to the 2020 SAI Convention, can be found here.
Francis Coll is Chief Risk Officer in New Ireland Assurance and a member of the SAI ERM committee.
The views of this article do not necessarily reflect the views of the Society of Actuaries in Ireland, the Enterprise Risk Management Committee, or the author’s employer.