C2.2 Enhance Risk Management Climate & Mindsets

AboutMission & StructureFounders & Leadership CouncilAdvisory BoardSteering CommitteeMedia Partners/AffiliatesManagement TeamContact Us / FeedbackTechnology CouncilStandards & GuidelinesFrameworkProcess FoundationRisk Area DomainsExposure DraftsTechnology / XMLResourcesGRC illustrated seriesTopics & GroupsCase StudiesGRC360 MagazineExposure DraftsGRC SourceBlogsGRC 360° - Driving Principled Performance™GRC TechnologyOCEG Technology BlogBenchmarking SeriesAudit & EvaluationMeasurement & Metrics GuideUpcoming EventsWebinar SeriesMember to Member NetworkNews & AnnouncementsJob Postingswhy join?How Can OCEG Help Me?Benefits Overview:: Governance:: Risk Management:: Audit:: Compliance:: Ethics & culture:: Technologyjoin / upgrade now

Measurement + Benchmarking

Events + Networking

why join?

You are here :: home > knowledge network > FND-OCEG Foundation "Red Book" v1 > C-Culture > C2-Risk Culture > C2.2 Enhance Risk Management Climate & Mindsets

C2.2 ENHANCE RISK MANAGEMENT CLIMATE & MINDSETS

Understand and evolve the risk management climate and mindsets to create a climate where individuals factor risk into their daily jobs and risk-taking is consistent with the overall objectives of the organization.

An entity's risk climate and risk philosophy include norms for thinking, talking and acting with regard to risk. An entity should strive to create an atmosphere where these norms are formally established and communicated, and "risk" taking is consistent with the overall objectives of the entity. Importantly, management should ensure that all employees understand that, unlike taking "business risks," it is unacceptable to take "legal risks" by deliberately violating laws or regulations in pursuit of financial goals and objectives.

Standards & Guidance

C2.2.S01

Determine the entity's risk culture and ascertainable attitudes about risk and risk management.

C2.2.S02

Determine the risk philosophy of the entity (e.g., whether it approaches risk in a conservative or aggressive manner).

Core Practices

C2.2.101

Survey a sample of the workforce regarding:
> how aggressive or conservative the organization is with regard to risk;
> whether leadership communicates risk appetite;
> whether leadership models appropriate risk-taking conduct;
> whether individuals actually encounter "risk" in job;
> whether workforce is prepared for risks.

C2.2.102

Communicate the need to factor risk into business decisions.

C2.2.103

Communicate that it is acceptable to take business risks.

Additional Practices

C2.2.201

Provide training and examples of appropriate and inappropriate risk-taking to the workforce.

C2.2.202

Provide a mechanism for the workforce to ask for advice about risk-taking conduct.

C2.2.203

Provide visible approval for appropriate risk-taking conduct and visible disapproval for inappropriate risk-taking conduct.

C2.2.204

Define a repeatable methodology for understanding and analyzing the entity's risk climate and philosophy.

GUIDELINE DETAILS

Actions:	Download
Legend:	Source / Reference Resource Domain Supplement