The perception on risk is sometimes inclined towards adverse and negative occurrence of events that creates vulnerabilities to an organization. Due to different perspectives and ways of responding to risks, occasionally risk management process is considered as deterrent to innovations and non-responsive to seize emerging opportunities. Similarly, internal control is viewed as ‘cast in stone’ sets of processes and procedures that should be complied with in an organization irrespective of evolving changes in operating environments. It is sometimes regarded as constraint to efficiency, agility and flexibility to explore new opportunities.
The presentation will enlighten that risk is all about the impact of uncertainty of the future, which may have positive or negative deviation from anticipated outcome. One aspect of risk is the positive impact which constitutes opportunity (up side of risk) in creating or preserving value to an organization, while the other aspect is threats to success that diminishes the value (downside of risks).
Organizational objectives and risks are interdependent. One cannot exist without the other. Thus, managing risk is not a matter of choice to organizations; it is rather an essential component of management practices. Risk management is not only able to respond to threats to success but also allows conscious risk taking practices and encourages innovation. On the other hand, internal control should be broadly measured in its contribution towards managing risks and achieving organizational objectives. Control without purpose, ineffective and costly internal control by itself is a major risk to an organization.
The need for an effective risk management system, which is embedded to the organization’s day to day practices, is fundamental to success. While all stakeholders have a role on risk management, top management and the governing body have the ultimate responsibility to build positive risk culture and risk conscious workforce. The commitment of the leadership (i.e. ‘tone at the top’) in changing the perception of concerned parties towards risk management and control is paramount.