Just released - Ideagen's latest Education Risk Report

Risk, Compliance and Policy Management ‘Silos’


In the first of a series of articles, we discuss risk silos and why they are a problem.


What is a silo?

For the purposes of this series, a silo is an isolated activity, function or grouping that operates apart from, and independently of, others in a way that hinders communication, co-operation and organisational effectiveness.


How does your organisation operate?

When you consider risk management in your organisation, do any of the following apply?

  • there is limited or no information exchange about risk
  • the executive management and the board are in the dark about how risks are being managed across the organisation
  • different business units or locations have different risk management frameworks and terminology, making it difficult to compare risks across the organisation
  • when risks need to be treated, there is no centralised place to go to track the progress of the risk treatment.

If you have answered yes to any of the above, then it is possible that your organisation, like many others, has risk silos.


Risk Silos Defined

What exactly is a risk silo?

A useful definition comes from the Open Risk Manual. A risk silo is:

an informal (usually meant as derogatory) characterisation ascribed to organizational structures of Risk Management. It is meant to indicate that the treatment of the range of various possible risks is done in isolation (autonomously) rather than in an integrated way. Risk silos can happen within any type and at any level of an organization.”


What types of factors lead to risk silos developing?

Risk silos can occur because there is no centralised approach to risk management and so organisations must rely on the competence of individual managers in managing risk activities and hope that they give risk management a high enough priority as part of their work responsibilities.

Other factors that can influence the formation of risk silos include:

  • the number and location of business units across the organisation
  • the number and types of products or client segments that exist
  • company politics
  • a lack of base level understanding of risk and risk management by the organisation’s leaders
  • information silos
  • lack of leadership and commitment to a whole-of-enterprise risk management system.


What can you do to help break down risk silos?

A useful way of breaking down risk silos is to approach risk management in an integrated way. Some steps to get you started are:

  1. Consider adopting a risk management framework, such as an enterprise wide risk management framework, to address risk silo vulnerabilities. This will provide you with a structure that:
    1. promotes internal information flow
    2. addresses blind spots
    3. provides a common language for risk.
  2. Identify risks in each area of the business and assess how these are being managed.
  3. Apply a consistent methodology to filter and sort risks.



Risk silos can easily occur, especially as organisations experience growth in teams and locations. If you start to recognise risk silos developing in your organisation, consider establishing an enterprise wide approach to risk management to align risk management activities, create a common language, and bring the organisation back to an integrated approach.

In our next article, An Integrated Approach to Risk Management, we will explain the steps suggested above in more detail to help your organisation break down risk silos.


Risk Report - Socials-1


Share this
About the Author

Jonathan Oliver

Jonathan Oliver has been a lawyer in NSW since 1986 and worked in private practice (initially in general practice, and later as a specialist family lawyer) and then in community legal centres. More recently he spent 10 years as a business manager at an independent school in Sydney. He has been with Ideagen CompliSpace since 2016 and is the principal consultant in governance risk and compliance (GRC). He assists schools, commercial and financial services clients and the not-for-profit sector in all areas of risk and compliance, governance and policy management. He frequently presents to governing bodies and executive teams on GRC issues including facilitating workshops and strategic planning activities. He has presented at many education law webinars on risk and compliance and related topics.

Resources you may like

Managing Concussion in School Sport

Concussion in school sport is not uncommon. It is, however, very serious. While some symptoms may...

Read More
Creating a Culturally Safe Environment in Schools: Meeting the National Principles for Child Safe Organisations

Creating a culturally safe school environment is essential to meet the National Principles for...

Read More
Understanding the Key Issues Impacting the Education Sector in 2024 With Ideagen’s Latest Education Risk Report

A new report released last fortnight by Ideagen, in partnership with their publication School...

Read More

Want School Governance delivered to your inbox weekly?

Sign up today!