If your company has suffered a crisis, a postmortem is an essential part of the recovery process. But according to Mark Layton, global enterprise risk services leader at Deloitte Touche Tohmatsu Limited, this same exercise, conducted before an adverse event, can be more valuable. “It’s imperative that the key executives periodically get together to discuss risk and strategy,” says Layton. Here are six of Deloitte’s risk intelligence principles:
1. There is a common definition of risk that is used consistently throughout the organization.
2. A common risk framework, supported by appropriate standards, is used throughout the organization to manage risks.
3. Key roles, responsibilities and authority relating to risk management are clearly defined and delineated within the organization.
4. A common risk management infrastructure is used to support the business units and functions in the performance of their risk responsibilities.
5. Governing bodies (e.g., boards, audit committees) have appropriate transparency and visibility into the organization’s risk management practices to discharge their responsibilities.
6. Executive management is charged with primary responsibility for designing, implementing and maintaining an effective risk program.