The 10 “Cs”

Tema focuses on the ‘10 Cs’ of K.H. Spencer Pickett on “Auditing the Risk Management Process”:

1. Capability, the capacity to understand and manage risks
2. Commitment, that runs to the workforce to buy into the risk management
3. Choice, each decision should be made based on the acceptability of a level of risk
4. Consistency, an approach to the way for managing risks
5. Context, risk appetite should be seen within the context of the way an organization operates
6. Challenge, risk management should lead to an empowered workforce that is able to take charge of its priorities and decide what works best
7. Communication, the Corporate risk can only be understood if people around the organization understand each other and their priorities
8. Controls, that are set against high levels of inherent risk to reduce this risk down to an acceptable level
9. Core Values, because risk appetite is closely aligned to corporate value and acceptability is about appropriateness
10. Culture, as Governance is not a meeting of performance-driven success criteria and conformance-based constraints. Root causes of risk can include facets of an organizational culture of risk and controls