Achieving best practices in risk management takes time and involves progressing through various levels. The important thing is that the three lines of defence are aligned around the ultimate objectives and understand their individual roles.
There is an inevitable learning curve as management in the front lines—as well as those in audit, risk management and compliance roles—transform their processes and discover the best ways to collaborate.
A phased approach is the most effective way to introduce and mature effective risk management. The snapshot below, which is the typical evolution of ERM in most organizations, can be used as a guide.