As a membership benefit, individual RMA members can enjoy free downloads of this Workbook. Be sure to login to download your free copy.
It is availble to Professional members for the list price.
How do institutions oversee risk-taking?
The Governance and Policies Workbook examines the core capabilities required for a strong risk governance culture, structure, policies and procedures, and internal control environment. Establishing a sound governance process in any institution requires the Board and senior management at the forefront leading the effort, continually reinforcing what is expected regarding risk governance and oversight.
Culture is at the heart of any institution's enterprise risk management program. Without it, the other essential elements are not nearly as effective. Knowing how to build a risk management culture that overcomes cognitive biases is challenging, but a requirement for a sound risk management and governance program.
Although several examples are provided in the workbook, there is no "right" governance structure. Ultimately, each institution must determine which structure is best suited for its organization. Most importantly, the structure and the organization's culture should support the flow of information, the escalation of concerns, appropriate decision making, and, finally, accountability.
In this workbook, you will find:
- Essential elements of a good risk culture
- Barriers to a good risk culture
- Core capabilities for strong risk governance
- Framework for a risk governance structure
- Outline of a board-level committee structure and board-level risk committee charter
- Keys to a sound internal control environment
- "Three Lines of Defense" model
- Enable your institution to make well-informed decisions.
- Learn how to build a risk management culture that overcomes cognitive biases.
- Create a governance structure that promotes information flow, escalation, decision making, and accountability.
- Instill a culture that makes managing risk everyone's responsibility.
- Establish a well-defined and effective internal control environment and risk response system.
- Empower your people with the tools and training to be able to identify risk, assess it, evaluate it against the desired level of risk tolerance, and make decisions about suitable risk treatment.