Priti Sikdar (B.Com, FCA, DISA, CISA, CISM, CRISC, ISO 27001 LA, BS 25999 LA, COBIT (FC), BCCS, PRINCE 2 (FC))
Risk culture in an organization depends on the ‘tone at the top’. Management plays a pivotal role in molding the risk culture. Risk management is part of the organization's IT governance framework. No business can function without taking internal and external risk factors into consideration; in fact, risk can be adverse, but it can also be positive when it turns opportunity into profit.
As part of the internal audit function, an auditor will view enterprise risk in relation to the business objectives, mission, and long-term and short-term policies of the organization. But it is observed that the greatest impediment to compliance with the risk standards set by management is the absence of a risk-centric culture. Such a culture has to be woven into the fabric of the organization, from the induction stage when a new employee enters the organization, through defining his roles and responsibilities and including risk compliance in the KPIs, to building an awareness and training culture where risk is always on the agenda to be discussed.
In this presentation, I wish to bring the experiences of our audience under a single platform and discuss certain modes of assessing and building a risk-conscious culture, whether we belong to industry or are on the assurance side. We shall emphasize culture as a vehicle to ride our risk initiatives and bring in effectiveness and compliance.