Canadian organizations can take major steps toward mastering the challenges of modern business risks by incorporating those perils into strategic planning and nurturing strong risk cultures. This is according to a new white paper from Crowe Horwath Global Risk Consulting and The Institute of Internal Auditors (IIA) Canada titled, " The State of Risk Management in Canada 2015."

The whitepaper is based on findings from the inaugural Mastering Risk in Canada survey, which questioned risk professionals working in internal audit, risk management and internal control functions, as well as operational managers with responsibility for applying and maintaining internal controls. The survey elicited more than 110 responses from a broad cross-section of Canadian businesses and public sector organizations. It was undertaken as part of an ongoing initiative to recognize organizations that have demonstrated sustained efforts toward mastering risk.

The report was released on October 15, 2015 as part of the Mastering Risk Awards gala, which culminated in the presentation of Canada's first Awards for Excellence in Risk Management and Internal Audit. Awards were presented to the following

  • Achievement in Public Sector Risk Management and Internal Audit – WorkSafeBC
  • Achievement in Private Sector Risk Management – Cameco
  • Achievement in Private Sector Internal Audit – Fortis BC
  • Achievement in Private Sector Risk Management and Internal Audit – Wajax Corporation

Attendees and winners at the IIA Canada and Crowe Horwath Mastering Risk Awards in October 2015.

Four major themes emerged from the whitepaper and suggested areas in which organizations can find opportunities for improvement:

  1. Clarify and coordinate roles and responsibilities of the three lines of defence. Bring focus to the integration and coordination points that are important to each risk management function and see that each function's needs are addressed when designing commonality and consistency including enabling governance, risk, and compliance systems.

  2. Take a more strategic approach to risk management. Position the risk management functions to perform the strategic threat analysis as part of the strategic planning (strengths, weaknesses, opportunities, and threats [SWOT] analysis, for example) or stress-testing approaches.
  3. Demonstrate risk management's results and positive Return On Investment (ROI). Have an honest and open conversation with the "champion" in your organization for improving the perception of ROI of risk management functions.
  4. Work with the board or risk/audit committees and senior management as risk culture champions. Undertake and present the results of culture surveys to the Board of Directors, or put risk tolerance and appetite on the agenda. Alternatively, have the Board of Directors be responsible for risk oversight with delegation, when appropriate, of certain specific risks to board subcommittees (e.g. the health, safety and environment subcommittee, or the human resources risks subcommittee).

To download the whitepaper, click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.