SoRiL’s Risk Leadership Framework

Risk leadership is the responsibility of business leaders (board and senior management members) to steer their company's risk agenda. Without risk leadership, a company lacks the overall vision, direction, knowledge, and values needed to shape its approach to risk management.

  • Ethical risk-taking and management of risks should be demonstrated through leaders' actions and decisions.
  • This involves taking and managing risks for the common good (seeking to protect the interests of all stakeholders) based on the principles of fairness, honesty, transparency, and accountability.
  • It occurs during strategy planning and execution.
  • The definition and implementation of the company's risk appetite is about establishing the nature and extent of the risks an organisation “aspires” to take to achieve its objectives.
  • It applies in strategy development;
  • It is objective-focused: it must be aligned with the specific objectives and strategic intent of the organisation. (Some companies prefer to articulate appetite according to a common risk taxonomy that is based on common characteristics of risk. This approach emphasises acceptable levels of risk given the unique consideration of each type of risk. However, this approach may result in a company managing risk in silos. The risk leadership approach integrates risk and risk management performance, focusing on the desired outcome (not the undesired outcome) regardless of where the risk may originate in the entity.)
  • It is implemented by formulating statements of the overall organisational risk appetite and of the specific risk appetite applicable to each objective, and by communicating the risk appetite statements throughout the company.
  • It occurs during strategy execution. (To be successfully implemented, risk appetite and risk tolerance require awareness of them and adherence to them, or a conducive risk culture, to be established in the company.)
  • This entails championing the risk appetites and leading by example in their application through actions and decision-making.
  • With a conducive risk culture, each member of the company is clear on what is acceptable and what is not, whether in relation to behaving unethically, pursuing the wrong objectives, or encountering too much risk in pursuing the right strategies and objectives.
  • It is about ensuring that those who are responsible for managing risk operate within the mandate of keeping risks within risk tolerance limits or acceptable deviations from risk appetite levels.
  • It applies during the execution of strategy
  • It involves approving the organisation’s risk tolerance limits;
  • It considers risk tolerance limits through the lenses of risk appetite;
  • It emphasises the use of KRIs as the basis for risk assessment (identification and evaluation);
  • It approves the KRIs’ thresholds to detect risks (deviations from risk appetite) to monitor risk management performance;
  • It applies at any level of the business;
  • It is risk-focused (considers specific risks)