Page 159 - Risk Report 2024
P. 159
IRMSA
159
RISK REPORT 2024/25
IRMSA’s survey of risk culture related practices and competencies in SA revealed the focus areas for governing
bodies, executives, and risk managers when building organisational risk cultures (including the formal rules
that define risk management objectives, priorities, and competencies, as well as the informal rules, protocols,
workflows, decision-making, and compensation practices), discussed below.
RISK CULTURE
50%
TRAINING IN BASIC RM
RISK REPORTS 40%
RISK COMMUNICATION 60%
RISK DISCUSSIONS 63%
RISK INCIDENTS 76%
The survey results confirmed that risk events are actively discussed in workplaces. This indicates that risk
communication is good but reactive as it relates to events that already occurred. It was confirmed that risk
discussions are part of the agenda at all business and committee meetings. Together with a minority of
employees regularly receiving risk reports, this could indicate that detailed risk focus is limited to management
only, and not to operational employees. A key pillar of an effective risk culture is that ‘Every employee is a Risk
Manager’, yet only half of employees are trained on basic risk management skills to evaluate and respond to
risks they face daily (through performance contracts and management). Overall, the results confirm that risk
communication in SA is ‘average’ and does not fully support a mature risk culture. Higher risk maturity requires
empowered employees and the free flow of information across organisational hierarchies with pro-active
focus on risks and responses by every employee, every day as they execute their duties. Such unobstructed
pathways for risk information allows ‘bad news to travel faster than good news’ in safe environments, where
responsible risk-decisions can drive organisational performance.
Regulatory Insight
