Is there a systemic process to continually review and revise “top risks”? This question was asked by a respondent to my survey last month on the topics of most interest to my readers like you. My answer finishes off a series of blogs on Risk Reporting.
My answer is yes there is. It is integrated performance and risk reporting. Something I have written about in the past few weeks, The Pontificators and Reportable Offences and KRIpes.
Simply put, strategy and risk are two sides of the same coin. One is setting the intent, the other is helping leaders make sense of the uncertainty surrounding the objectives they set. Consequently, reporting on the current performance towards the objectives set, and on the risk to future performance from sensemaking activities – like risk assessment and KRI monitoring – are also two sides of the same coin.
Get that thinking established in your organisation and you will have a systemic process to continually review and revise “top risks”.