There’s no reward without risk — EY’s global governance, risk and compliance survey 2015

With the knowledge that risks are a never-ending challenge and new risks will be encountered every day, a stepped approach to risk management is required. These three steps are explained further in the following pages.

• Step 1. Advance strategic thinking
The first step challenges the way organizations categorize, manage and respond to risk: thinking about risk in the context of their business decisions and designing risk response plans to appropriately manage identified risks.

• Step 2. Optimize functions and processes
The second step focuses on what organizations are doing to optimally align functions by allocating talent and designing risk management processes to efficiently and effectively execute risk response plans across each of the lines of defense (see page 12).

• Step 3. Embed solutions
The third step highlights the importance of integrating sustainable solutions throughout the organization to prevent, balance or limit risk.

Building a risk-aware organization

Identifying, managing and responding to risk should be an integral part of an organization’s everyday activities. This can be achieved by applying the three risk categories: strategic, preventable and external. Our global governance, risk and compliance (GRC) survey tells us that organizations are looking for a more comprehensive, coordinated and innovative approach to enable them to successfully manage the opportunities and the hardships presented by risk. This requires transforming the way the organization views and capitalizes on risk — we call this “building a risk-aware organization.”

Advance
• Identify and assess risks that impact business strategy
• Design risk response to reduce the downside and take advantage of the upside potential

Optimize
• Optimally align functions to execute the organization’s risk response plans/strategy
• Develop risk processes to facilitate better coordination, communication and reporting

Embed
• Design solutions that prevent, balance or limit risk
• Implement technologies to effectively execute and sustain the solutions
