In the first of a series of articles, we discuss risk silos and why they are a problem.
What is a silo?
For the purposes of this series, a silo is an isolated activity, function or grouping that operates apart from, and independently of, others in a way that hinders communication, co-operation and organisational effectiveness.
How does your organisation operate?
When you consider risk management in your organisation, do any of the following apply?
- there is limited or no information exchange about risk
- the executive management and the board are in the dark about how risks are being managed across the organisation
- different business units or locations have different risk management frameworks and terminology, making it difficult to compare risks across the organisation
- when risks need to be treated, there is no centralised place to go to track the progress of the risk treatment.
If you have answered yes to any of the above, then it is possible that your organisation, like many others, has risk silos.
Risk Silos Defined
What exactly is a risk silo?
A useful definition comes from the Open Risk Manual. A risk silo is:
“an informal (usually meant as derogatory) characterisation ascribed to organizational structures of Risk Management. It is meant to indicate that the treatment of the range of various possible risks is done in isolation (autonomously) rather than in an integrated way. Risk silos can happen within any type and at any level of an organization.”
What types of factors lead to risk silos developing?
Risk silos can occur because there is no centralised approach to risk management. Organisations must then rely on the competence of individual managers to manage risk activities, and hope that those managers give risk management a high enough priority among their work responsibilities.
Other factors that can influence the formation of risk silos include:
- the number and location of business units across the organisation
- the number and types of products or client segments that exist
- company politics
- a lack of base-level understanding of risk and risk management by the organisation’s leaders
- information silos
- lack of leadership and commitment to a whole-of-enterprise risk management system.
What can you do to help break down risk silos?
A useful way of breaking down risk silos is to approach risk management in an integrated way. Some steps to get you started are:
- Consider adopting a risk management framework, such as an enterprise-wide risk management framework, to address risk silo vulnerabilities. This will provide you with a structure that:
  - promotes internal information flow
  - addresses blind spots
  - provides a common language for risk.
- Identify risks in each area of the business and assess how these are being managed.
- Apply a consistent methodology to filter and sort risks.
Conclusion
Risk silos can easily occur, especially as organisations experience growth in teams and locations. If you start to recognise risk silos developing in your organisation, consider establishing an enterprise-wide approach to risk management to align risk management activities, create a common language, and bring the organisation back to an integrated approach.
In our next article, An Integrated Approach to Risk Management, we will explain the steps suggested above in more detail to help your organisation break down risk silos.
