A robust risk management program and a strong ethical culture are both necessary for the long-term success of an organization. Control of risk is an integral part and natural extension of all efforts to foster a culture of principles and shared values. In essence, culture is the roof, information security is the foundation, and risk management activities are the walls of a building with integrity. An effective control environment involves the integration of all the various building blocks of risk management.
Organizations need to take a long-term view regarding their risk management investments, ensuring that they are robust and sustainable. An organization’s risk management program must also be strategic (i.e., meet the organization’s business priorities and reflect the operating environment of its industry and business).