Enterprise Risk Management

Today, most successful companies actively engage in risk management across the entire organisation.

Many industries have specific regulations about risk management. For example, the UK Financial Conduct Authority (FCA) devotes a substantial part of its rulebook to compliance obligations around managing risk.

However, risk management is not about ticking the boxes in a regulatory rule book. Instead, it is a discipline that – if implemented correctly – can enable organisations to truly thrive.

If you need help implementing your risk management roadmap, we can suggest practical solutions.

Risk Management Across the Enterprise

Creating the Right Risk Culture

Managing risk enables companies to avoid potential negative outcomes and embrace opportunities in a strategic, considered way. Good risk management also enables companies to respond with more agility if something negative does happen.

In any organisation, the foundation of risk management is building the right risk culture. The board and senior management should design the company’s approach to risk – and encapsulate it within the risk appetite.

Risk management policies turn risk appetite into reality within the business by making it clear to employees how they should engage with risk. Training is also essential to building up a robust risk culture. It ensures that everyone understands concepts, the purpose of the various risk management processes and how to undertake them in the same way.

Risk Compliance Roadmap

The risk management roadmap has its foundations in risk culture. Firms need to formulate the right policies connected to the risk appetite set by the board and senior management.

Companies can then train employees in risk management concepts and how to engage with risk management processes. Training covers different risk types and operational resilience, which focuses on responding to a negative event.

Lastly, through the Senior Managers and Certification Regime (SMCR), senior managers are held accountable for the level of risk management via the attestation process. In this way, risk management is a cycle within the organisation, with leadership setting the right tone around risk and supporting employees.

Then, through SMCR, leadership is held accountable for the programme's success. With this in mind, your roadmap should include:

  • Step 1: Create, maintain and update risk management policies. Also, ensure employees read the policies and attest to having done so. Be able to evidence the policies to regulators.
  • Step 2: Train employees in risk management concepts and skills to implement the risk framework effectively. Help them better understand what risk is and the purpose of risk management, and how to identify and assess risk, use risk controls, monitor risks, and communicate about risk across the organisation. Enable your employees to envision risk as a continuous improvement process.
  • Step 3: Embed operational resilience within the organisation. The UK Financial Conduct Authority has a new operational resilience requirement for financial services firms. Employees need to understand and engage with this to ensure customers and the markets don't face negative impacts if a significant loss event hits the organisation.
  • Step 4: Educate employees about specific risk types. In performing their roles, employees engage with different risk types, whether they know it or not. Raising employee awareness about credit risk, operational risk and other risk types can reduce the chances of a negative event and improve business decision-making.
  • Step 5: Automate your firm's SMCR compliance processes to ensure senior managers know that risks within their areas are managed appropriately. Also, better manage the risks of non-compliance to both the firm and individual senior managers.


Risk Policy Management

Create, maintain and update risk management policies. Risk management policies – which connect the firm’s risk appetite to employee activities – are the lifeblood of a good risk management culture.

Well-crafted policies set expectations for employee behaviour and set boundaries for their actions. The policies can also help employees know how to respond should a significant risk event impact the organisation.

Using RegTech, such as Skillcast’s online Policy Hub, you can create and update risk management policies. Policy Hub provides version control and the ability to assign policies to the right audiences. The solution also makes it easier to organise risk management policies, obtain attestations from employees, and evidence these policies to regulators.

Policy Hub


Risk Management Training

To build a robust risk management culture, employees need to comprehend key risk management concepts and learn how to apply them daily.

At the foundation is understanding what risk is. For example, employees may think of risk in negative terms and not understand risk in the context of opportunity. Exploring the purpose of risk management can help teams see why and how they should manage risk.

Enabling individuals to learn how to identify and assess risk, apply controls, monitor risks and communicate about risk across the organisation gives them the tools they need to actively engage with the risks they encounter in their roles.

Today, effective training on risk management is one of the elements of a risk culture that regulators are looking for. Skillcast provides a suite of Risk Management training courses designed to help firms educate employees in an engaging way about their contribution to managing risk.



Operational Resilience

The FCA has a new operational resilience requirement for financial services firms. Operational resilience is the ability of firms to prevent, adapt to, respond to, recover from and learn from operational disruptions. Organisations need to identify important business services, understand vulnerabilities, and have plans to continue to deliver those services if a negative event occurs.

Employees across financial firms will need to understand operational resilience, how compliance requirements will impact their teams, and how to deliver on those obligations.

Skillcast has an operational resilience training module to help teams enrich their understanding of the requirements to develop an operational resilience approach that will add value to the organisation.

Business Continuity Management Checklist


Third-party Due Diligence

Third parties pose a significant risk to all businesses. These include cybersecurity, operational, legal, financial, strategic and reputational risks.

Skillcast provides microlearning courses on several risk management-related topics. These courses include cybersecurity, managing homeworkers, and performing third-party due diligence. This helps teams address specific risk issues around those areas.

Skillcast's online Compliance Declarations will also help you streamline the collection, analysis and management of due diligence for associated persons outside your organisation.


Automate SMCR

SMCR responsibilities create compliance risks for the financial services organisation and personal liability risks for the individual senior managers. This is because SMCR senior managers are now held personally responsible for ensuring risks are managed appropriately within their part of the organisation.

These senior managers need to be sure policies are adhered to, activities remain within the firm's risk appetite, and attestation processes are complete. For some senior managers, this creates significant complexity and can be very challenging to manage via email, spreadsheets, and shared drives.

Skillcast's SMCR 360 automates record-keeping, helping senior managers keep themselves and their organisations safe from potential breaches. Automating SMCR makes processes easier to complete, retains actions for auditing, and enables you to evidence SMCR compliance to regulators.


Staff Surveys

Many employees will encounter specific types of risk in performing their roles every day. It's important for them to understand the nature of those risks and how to manage them.

For example, some employees may need to learn about credit risk and the nature of credit events. Others may need to dive deeper into operational risk to understand better what operational risk is and how it can impact the firm.

You can use anonymous surveys to uncover gaps in employee knowledge and a lack of clarity in risk management policies. Skillcast's Compliance Survey Tool helps you conduct robust staff surveys that ensure wide coverage and enable employees to provide honest feedback.


Best Practices in Risk Management

If you'd like to stay up-to-date with risk management best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.

Understanding FCA Operational Resilience

The FCA expects regulated firms to identify vulnerabilities in their operational resilience. Learn more about operational resilience and what your firm needs to do to comply.


Setting up a Workplace Whistleblowing Policy

Whistleblowing programmes can serve as valuable risk management tools because they often enable serious risks to be brought to the attention of senior management before their impact grows much larger. Find out how to create a whistleblowing policy.

Whistleblowing Policy Tips

10 Ways to Improve Risk Management at Work

Discover ten key skills that can help you and your team improve how they approach risk management within your organisation.

Improve Risk Management at Work

Compliance Red Flags you Need to Spot

A practical look at how to spot employees who may pose a compliance risk and a discussion of how to manage the people side of compliance. Compliance risk is an operational risk that often originates from employee issues.

Compliance Red Flags


Free Risk Management Resources

We have over 100 free compliance training aids, including assessments, best-practice guides, checklists, desk aids, e-books, games, handouts, posters, training presentations and even e-learning modules.

Operational Resilience Webinar

Discover operational resilience and the UK FCA's compliance expectations from firms. Benchmark where your organisation is today in implementing its operational resilience framework and identify the gaps to fill.

Free Operational Resilience Webinar

Compliance Continuity Checklist

We've produced a 20-point checklist across five key areas of compliance needing careful consideration during times of disruption.

Free Compliance Continuity Checklist

Risk Management Training Presentation

Our free training aid is a short, interactive presentation that you can use to teach your employees all about risk management and their role in controlling risk across your organisation.

Free Risk Management Training Presentation

Whistleblowing Training Presentation

Our training presentation covers all the key issues your staff should know concerning whistleblowing, including busting some common myths and discussing why people often feel reluctant to get involved.

Free Whistleblowing Training Presentation

Business Continuity Checklist

Our checklist helps you benchmark your existing crisis planning and helps you with creating a new business continuity plan.

Free Business Continuity Management Training Module

Compliance Bulletin


Our monthly email provides best practices, expert opinions, industry insights, news and key trends in regulatory compliance training, digital learning, EdTech and RegTech.