Strategic Risk Management and the “4Ts” Approach

Risk Management Cycle

There are many ways that organisations can choose to manage risk today and, as we saw in Chapter 1, the board and senior management are responsible for designing and implementing the method that is most appropriate for each organisation. Whatever specific methodology is chosen, most organisations operate around a broad five-stage risk management cycle: the strategy for managing risk is set by the board; there are then distinct processes both to identify and to prioritise risk; the existing controls and monitoring procedures are then assessed; and finally there must be a process to measure the residual risk position and to monitor progress going forward. The whole process should be dynamic and ongoing – it is important to remember that risk management is not a static event that happens quarterly or even once a year. Risk management is never “just for Christmas”!

The strategic risk management cycle is set out in Diagram 4.1.

Diagram 4.1 The risk management cycle

The “4Ts” Approach

When working with delegates on a course I like to make use of a particular risk management strategy known as the “4Ts” approach. This strategy, together with the exercise that we will come on to shortly, is particularly good at demonstrating the crucial linkage between risk and controls in business as well as providing delegates with ...