Entitled "10 Questions to Ask Executives About Risk", and written by Norman Marks, a compliance officer, it's a good executive communication checklist. Here's an abridged version of Marks questions:
- How has the executive team become familiar with leading risk management practices? .... are you using a recognized risk standard or framework?
- In broad strokes, can you describe how you identify, assess, and determine how to manage .... uncertainties?
- How do you integrate the consideration and management of risk in the setting of strategy, achievement of goals and objectives, optimization of performance and management of major projects?
- How have you assigned the management of risk ... [to specific managers], [and] are they informed, educated in risk management techniques, and provided the tools for the task?
- How are risk criteria, including risk appetite and tolerance, set? How are those levels and expectations for taking risk communicated across the organization? How do you know when the levels are exceeded?
- How do you manage the accumulation and interplay of risks when a single situation can affect multiple areas, or when the activities of one manager affect others?
- Are you managing risk fast enough, so you can act when necessary? Is the organization agile? Are you able to change strategic directions if risk levels change?
- If you have a risk office, what is their role relative to the responsibilities of management?
- How do you make sure the risk management process is working as you expect?
