While seemingly cliché, the saying ‘everyone is a risk manager’ is simple but absolute. An organization is run by its people and their knowledge in managing risk is a key component to strategic business planning and success.

But the concept of a risk-aware culture did not really take shape until a little over a decade ago.

The risk model and how to effectively manage risk is always evolving and has seen significant advancements through the years.

In the early 2000s, financial risk was at the forefront when the Sarbanes-Oxley Act was enacted and organizations began to establish the three lines of defense model.

When the Great Recession hit, new regulations and requirements were enforced and organizations re-evaluated how they could apply the earlier key elements of the risk governance model. As we moved toward the end of the Great Recession, we saw more companies focusing on credit, third party and cyber risk management, as well as how to better integrate and aggregate risk activities across the organization.