Risk management refers to a coordinated set of activities and methods that is used to direct an organisation and to control the many risks that can affect its ability to achieve objectives.
Ethics risks are an important dimension of organisational risk, alongside other types of financial and operational risks. As such, it is crucial that they are identified and managed appropriately.
An ethics risk assessment is comprised of different stages:
- Risk identification: this implies the need to find and describe risks that could affect the ability of the organisation to live up to its ethical values and standards.
- Risk analysis means understanding the nature, sources, and causes of the ethics risks identified and estimate the level of risk. It is also used to study impacts and consequences and to examine the controls that exist.
- Risk evaluation is used to compare risk analysis results with risk criteria to determine whether or not a specified level of risk is acceptable or tolerable. While an organisation’s risk appetite for other types of risk might vary significantly depending on a number of factors, when it comes to ethics risk it is generally very close to zero.
It is important that this process is conducted regularly and that it involves a variety of internal and external stakeholders. Assessing and managing the ethics risks that an organisation faces is very important to avoid reputational damage and financial losses. The results of this exercise can also help to develop and update the organisation’s ethics programme, as it can highlight current gaps or new developments that need addressing.