Effective risk management starts with a proper understanding of the risks that your ENTIRE organisation faces. It is frankly impossible to manage something that you cannot identify, define and quantify.
While this may sound very obvious, it requires an open-minded and disciplined approach. Too many businesses (risk managers/champions) follow a fairly narrow approach, focusing only on those risks that have previously been identified (or are quite obvious) rather than looking for those that have not previously been identified and quantified.
Businesses are therefore encouraged to look organisation-wide and to try to identify the real root causes of risks rather than where those risks may manifest themselves. We often quote the example in Dott Risk of how weak recruitment (human resources) practices, such as the lack of reference checks or criminal record/qualification checks, create the enabling environment for internal fraud. In this scenario, the real root risk is weak HR policies and practices that, when combined with a lack of financial controls, will result in a financial loss (impacting the income statement and the balance sheet).
While it may feel daunting to have to do an organisation-wide risk review (especially when this involves examining areas in which the risk champion has little or no experience or skill), this is not that intimidating when one follows a logical and disciplined process (and steps). This systematic and structured approach is the heart of the Dott Risk solution.