Risk management is an essential part of good management practice. It is often part of financial management, and separately also part of quality management. Risk is always an element of uncertainty (opportunity or threat), and risks are an inevitable part of doing business. 

Enterprise Risk Management (ERM) is the process of systematically identifying and addressing potential events that pose a risk to the achievement of strategic objectives or the potential for competitive advantage. Risk management is an integral part of the management of any organisation and must be embedded in the ongoing operations of the business. 


A good level of risk management in companies inspires confidence, especially among financiers and other key stakeholders. The shortcomings of risk management are obvious – inadequate risk management is neither comprehensive nor systematic and is often ineffective. Often companies may have several different risk management practices in different areas and therefore it can be difficult to get a complete picture.

The problem is that companies rarely have comprehensive risk management solutions in place. Often, solutions are only used to manage specific risks, such as quality management, IT security or training. However, risk management must also cover all supply chains and internal processes within companies. 


Proposals for corporate responsibility legislation (Corporate Sustainability Reporting Directive (CSRD) & Corporate Sustainability Due Diligence Directive (CSDD)) require a comprehensive assessment of risks from a sustainability perspective and impact assessments. For example, in February 2022, the European Commission adopted a proposal for a Directive aimed at respecting human rights, enhancing environmental protection, creating a level playing field for companies operating in the Union and avoiding fragmentation of the regulatory field. The reason for the regulation is that, according to the Commission, voluntary action by companies has not led to sufficient improvements in their adverse human rights and environmental impacts. EU-level CSR regulation aims to promote respect for human rights and the transition towards a carbon-neutral economy.

When the directives enter into force, they will apply to medium and large companies. However, it is expected that with them, requirements will trickle down the supply chain to smaller companies. 

Businesses are required to include due diligence in their policies and to communicate publicly on the issue. In addition, companies should identify actual and potential adverse impacts and mitigate and prevent them. In practice, this means having an action plan to prevent harm and a corrective plan to stop it, including timelines, indicators and stakeholder consultation.

At the top level, the risk management required by the new regulatory framework is similar in nature to the traditional risk models of quality management, so building a new, separate risk management framework on top of the others is unlikely to be a very workable model.

NordCheck’s risk management is well suited to different areas and functions. Excel may work for the initial stages of the risk management process, but if you want to implement a risk management plan that works in the long term, Excel’s shortcomings will quickly become apparent. Developing a company’s risk management process needs to be supported by an appropriate tool that makes it easy to analyse and map risks, especially as accountability regulation will make it more and more demanding in the future.