Risk management is developing and the value of a proactive formal structured approach to managing uncertainties needs to be recognized.  Many organizations are seeking to introduce risk processes in order to comply with global compliance trends and regulation.  But there is still a long way to go before the full potential of Risk Management is realized.

What are the various types of risk faced in the financial sector? You have Credit risk, Market risk, Liquidity risk, Operational risk, Regulatory risk, Reputation risk, Litigation risk, Technological risk, Concentration risk,  strategy risk, product risk and so on.

When you look at operational risk for instance, you find reports of internal and external fraud rising, indicating an increase in incidence of internal control failures.  Only few companies employ and fully utilize a dedicated full time risk manager in their organization. 

With all this risks it is important to have a framework within which each organization understands its current risk management capability and develop a risk process.

It is also important that risk management is fully integrated at both operational and strategic levels. There is a need to develop strategic risk-based thinking within organizational culture.  Much of the value of implementing risk management can be diluted or lost if decision-makers deny risk or do not properly take account of risk.

So Board members, senior management, front-line management and staff must take risk ownership and be responsible of identifying and assessing the risk faced in the business in line with the set risk appetite and ensuring that appropriate controls are established and maintained.

In the same vein, a designated risk manager with a risk management department should maintain risk control by being responsible for designing risk framework methodologies, tools and techniques that are fully integrated in the business and fully supporting the business in analysing and managing risk and providing early warning of adverse trends. The Chief Risk officers should also be responsible for consulting and advising Board, management and staff on identification, control and mitigation of risk.

At the same time the Audit function should be responsible for providing independent and objective assurance on the effectiveness and adequacy of risk management control and governance process.

In conclusion, we must note that it is only when full attention is given to the area of risk ownership, control and assurance that risk management can start to fully develop and can start to fulfill its potential as a significant contributor to business success, and then take its place as an indispensable and effective management tool for the new millennium.