Risk management is key to an organization’s success. Because they are exposed to all types of threats, organizations must implement a rigorous process to counter these threats and strategies for dealing with and reducing them.
An effective risk management strategy not only avoids pitfalls and provides a means to react before it is too late, but it also builds trust and confidence that reassures your customers, business partners and investors.
In the case of a publicly listed, high-growth international company with offices on several continents, such as one of our clients, you can see why such a strategy is essential.
The client, with current sales of more than US$1B, wanted a solid base on which to build its expansion by reinforcing its risk management and internal audit procedures.
The client called on our experts for support in developing and implementing an enterprise risk management framework (ERM framework) and improving the related audit controls and reports.
A rigorous process
During this extensive three-year assignment, we worked closely with the directors, officers and various department managers in several countries.
The assignment consisted in defining the company’s main business risks and risk tolerance, then setting procedures to monitor and identify them. All major risks, whether technological, financial, political or other, were taken into consideration.
At the start, our experts undertook numerous consultations within the organization to gain a clear understanding of its operations, industry and issues. These discussions provided an inventory of the company’s risk exposure and helped determine the top twenty.
This was followed by a workshop during which directors and officers discussed the risks and existing controls and ranked the top twenty by importance (i.e. their impact on the organization and the probability of their occurrence).
Using our proposed methodology, these discussions provided the means to set the tolerance level for the main risks and a framework to monitor the situation and notify the directors and officers of any problem.
Determining the tolerance level for the various risks is a complex exercise that requires careful consideration. For example, it was decided that the ten main risks would be discussed by the Board of Directors (BD) every three months and that for the others, the BD would only be notified when the risk exceeded a certain threshold.
For an e-commerce company, for example, the threshold could be the number of times the site was out of service during the month.
Working with the client, we then developed control methods and tools to monitor the main risks in terms of the established tolerance levels.
Over a given period, our experts gathered data on the progress of mitigation strategies and situations where the risk tolerance was exceeded. Our team prepared quarterly updates, which it submitted to the BD’s Audit Committee.
We also transferred our knowledge and supported the individuals responsible for risk management in the various departments to help develop their self-sufficiency in monitoring and preparing the required audit reports for the company’s officers and directors.
Our risk management advisory services provided numerous benefits for our client, including:
- The client now has a process and proactive, consistent control measurements to detect, assess and mitigate risks;
- The framework helps reduce growth-related risks;
- BD reporting was improved and officers are better informed about risks and mitigation strategies;
- Everyone in the company is more aware of risk management and the related benefits.
As was the case with our client, implementing a global risk management strategy can prove beneficial for any medium or large-size business. It’s an excellent way of ensuring that information is circulating effectively in the organization. It improves the BD’s business decisions and reaction time when issues arise. It also serves to enhance credibility, in particular with financing companies.
20 Jun 2019 | Written by :