Tema focuses on the ‘10 Cs’ from K.H. Spencer Pickett’s “Auditing the Risk Management Process”:
- Capability, the capacity to understand and manage risks
- Commitment, which extends to the workforce buying into risk management
- Choice, each decision should be made based on the acceptability of a level of risk
- Consistency, in the approach to managing risks
- Context, risk appetite should be seen within the context of the way an organization operates
- Challenge, risk management should lead to an empowered workforce that is able to take charge of its priorities and decide what works best
- Communication, as corporate risk can only be understood if people around the organization understand each other and their priorities
- Controls, which are set against high levels of inherent risk to reduce this risk to an acceptable level
- Core Values, because risk appetite is closely aligned to corporate value and acceptability is about appropriateness
- Culture, as governance is not a meeting of performance-driven success criteria and conformance-based constraints. Root causes of risk can include facets of an organizational culture of risk and controls