Risk management processes need to fit in with the rest of the organization, and processes for identifying, analyzing, responding to, and reporting on risks are required to operate in such a way that they successfully
manage risks across all elements of the internal environment.
This is particularly useful as a tool for management when trying to bring about change. It also can serve as an indicator that risks and opportunities may arise not just within one area, but as a result of separate components working together.
Hard and Soft Elements (7S):
Hard Elements - Strategy, Structure, Systems
Activities: (Review,inspections, policies, reconciliations, structure, limits, user ID- passwords, physical counts, bank reconciliation).
Soft Elements- Style, Shared Values, Staff, Skills
People: Openness, clarity, competency, expectations, communications.
- Hard elements are readily grasped and manipulated by management, and soft elements that are much less tangible and more easy to change. For example, it is relatively easy to issue a new strategy or introduce a revised system. However, to make either of these things work requires adjustments to other elements such as skills and shared values, which present a much greater challenge to manipulate.
- Soft elements are more difficult to change, introduce, monitor, and manage.