What Risk Functions Should Your Organisation Have?
Most organisations will have a number of Risk Functions, such as IT Risk Management and Currency Risk Managers (closely related to the Financial Risk Managers), to identify and manage explicit risk.
A central goal for an Enterprise Risk Management program is to coordinate with these Risk Functions and provide an overall risk profile to stakeholders, such as shareholders, management boards or regulators, so that these stakeholders can assess the organisation's ability to manage the risks effectively.
There are many Risk Functions within organisations, and their number typically scales with the organisation: the larger the organisation, the more Risk Functions are likely to exist.
The following Risk Functions would be common in large enterprises:
Strategic Risk Function - Typically would include senior managers or board members, set up to identify external threats and competitive opportunities and responses to these risks.
Finance Risk Function - Typically would include the Chief Financial Officer and senior accounting staff, set up to identify and manage financial risks to the organisation, including but not limited to currency risk, counterparty risk and operational funding risk. Will monitor reports from the Credit Risk Function, the Compliance Risk Function and the Insurance Risk Function teams.
Legal Risk Function - Typically would include senior internal legal staff and possibly external legal representatives, responsible for litigation response and for analysing the legal environment that could impact the organisation meeting its objectives.
Insurance Risk Function - Typically would include senior members of the financial team, set up to ensure that residual risks associated with ongoing operations are mitigated by insuring against them with external parties that are able to cover the cost of the residual risk.
Marketing Risk Function - Typically would include senior marketing staff, senior product managers and possibly senior sales staff, set up to identify and manage risks around product and/or service market alignment and market message penetration.
Compliance Risk Function - Typically would include senior members from the compliance team and finance team, set up to identify risks around compliance with local and international regulations such as SOX, PCI or FSA regulations.
Ethics Risk Function - A team of senior managers that monitors compliance with the organisation's published code of conduct and directs investigation into any violations of this code.
Operational Quality Assurance Risk Function - Typically a team of senior managers from product management, customer support and quality assurance, set up to verify that operational output is within operational risk tolerances.
Operations Management Risk Function - Typically includes hands-on managers, such as the Sales Manager, Support Manager and Marketing Manager, set up to ensure the risks of day-to-day business operations are understood and managed.
Credit Risk Function - Typically includes senior accounting team members, responsible for managing risk associated with providing credit to counterparties, such as customers, supply chain and market channel.
Customer Service Risk Function - Typically includes team members from Product Management, Quality Assurance and Support/Implementation, set up to ensure client satisfaction is monitored and managed.
Internal Audit Risk Function - Typically an independent team responsible for evaluating the effectiveness of the other organisational Risk Functions, making recommendations on the remediation steps required to ensure continual compliance with each Risk Function's goals.