Governance and strategy for risk management in non-financial companies
The "Corporate Risk Governance & Control" Commission, composed of risk managers working for leading companies and financial institutions, many of which are publicly listed, as well as academics and board members, worked together to produce a position paper that aims to provide principles and best practices for strategic risk management and risk governance. In particular, the document provides a framework, applicable to non-financial companies according to their specific profiles, that integrates the general requirements established by the standard setters (i.e. the Code of Corporate Governance for publicly listed companies, the COSO Framework 2017, ISO 31000:2018 and banking and financial sector regulations) while taking into consideration elements of differentiation, uniqueness and the different organizational and managerial approaches to addressing risk. The document is composed of two main sections: "Risk Governance" and "Risk & Strategy". The first section addresses roles and responsibilities for risk management, from the importance of spreading a risk culture consistent with the company's mission, vision and values to the benefits of adequate organizational principles and governance. After clarifying the difference between the first, second and third levels of defense, the section concludes with a detailed analysis of the role of the Chief Risk Officer, which underlines the requirements of professionalism and independence as well as the key role the Chief Risk Officer plays in consolidating a holistic view of the risk profile within the organization. In the second section of the position paper, ample space is dedicated to the Risk Appetite Framework, a fundamental tool for connecting the business strategy with precise risk quantification. The objective is to offer guidelines for defining risk appetite within a company. The final section of the paper offers some suggestions for risk classification from a portfolio view, as well as further reflections on risk quantification, also highlighting some of the principal approaches to targeted evaluations and to drafting a strategic plan weighted for risk.