enterprise risk management

‘Riskwashing’ – a greenwashing equivalent – is where a business represents (and convinces itself) that it has robust risk management systems without implementing them or ensuring they are embedded and working. To avoid being tagged as engaging in riskwashing, it’s critical to develop authentic risk management practices that will be implemented and endure.

By adhering to the following five tips, businesses can move beyond appearances and genuinely embed practices that safeguard against potential threats, uncertainties, and risks.

Commit to Transparency

Businesses should be open and document how their risk management processes operate. They should clearly communicate how risks are identified, assessed, and mitigated. Avoid glossing over challenges or presenting an overly optimistic picture. Prepare and publish an honest, warts-and-all report card for all internal and external stakeholders.

Implement Robust Risk Management Frameworks

Develop and adhere to comprehensive risk management frameworks tailored to your industry and business size. These frameworks should include clear roles, responsibilities, and escalation procedures. Where necessary, establish new governance and management forums to oversee the implementation of these frameworks. Avoid having risk management framework documentation approved but left on the shelf, never implemented.

Provide Regular Review and Updates

Continuously assess and update your risk management strategies in response to changing internal and external factors. Use governance and management forums to drive conversations about what is happening in the external and internal environment. Demonstrating a proactive approach to risk mitigation builds confidence among stakeholders.

Encourage Reporting and Escalation

Foster a culture where employees feel safe reporting risks and issues without fear of reprisal. Business leaders should actively listen to concerns raised and address them promptly. This can create a genuine ‘risk aware’ culture.

Independent Assurance

Consider engaging external auditors or consultants to periodically review the business’ risk management practices objectively. Stakeholders will then gain confidence in the effectiveness of the business’ risk management frameworks and systems.

By following the above principles, businesses not only enhance trust among stakeholders but also strengthen their resilience in the face of challenges. Genuine risk management goes beyond appearances—it’s about embedding practices that truly protect the business or organisation and enable it to take advantage of opportunities.