What hat is your Risk Owner wearing?


I want to talk about hats. Specifically the Risk Owner hat.

In the draft CPG230 Operational Risk guidance, APRA notes "Best practice is for business line management to be responsible for embedding operational risk management practices, and as a result to also be the owners of the risk within the entity." 100% agree.

Practically, in my experience, this risk ownership term comes in many, many forms. I am going to call these 'hats'. Here are a few I have picked out:

🎩 Process Owner
🎩 Product Owner
🎩 Obligation Owner
🎩 People Leader
🎩 P&L Owner
🎩 Data Owner
🎩 Information Asset Owner
🎩 System Owner
🎩 Contract Owner/Manager
🎩 Project/Business Sponsor
🎩 Incident Owner
🎩 Policy Owner

So this got me thinking ... how well have your various risk frameworks (the ones that define all these terms) thought about the collective weight of that risk ownership - AND more importantly - helped the risk owner navigate these responsibilities?

When APRA called for a change in mindset to be able to drive operational resilience in regulated entities... the rubber hits the road at the people who wear these hats.

When you are looking at the changes required for CPS230 compliance, don't forget to bring empathy to your framework design ... put yourself in the shoes 👟 (or wear the hats 🧢) of the risk owners as you go, and I predict this journey might be a little less bumpy.

#change #empathy #humancentredriskframeworks
August Advisory can help you with thinking about these hats 🤙
