Enterprise Risk Management

Leading managers know that success needs development, which means change, and change means Risk. Meeting customers' expectations and being successful in the market means Risk, and Risk means reward as well as potential loss. Risks must be analysed and managed:

  • to establish the contexts for corporate performance;
  • to identify and assess the significant inherent risks facing the organisation;
  • to evaluate and improve internal control systems in response to risk;
  • to assess the potential rewards and costs in risks and controls.

Managing Risk is a skill that can be developed and structured through training and participation in the process of identification and assessment.

We help organisations institutionalise Risk Management as a good business practice. This includes conducting training programmes and workshops for risk identification, evaluation, assessment and treatment (at a project level, a function level or an entity level), and setting up the Risk Management Administration structure.

An illustrative scope and approach for an ERM assignment is given below:

ESTABLISH RISK MANAGEMENT FRAMEWORK

OBJECTIVE

  1. "Sensitize" the entire organization to Risk in Decision Making and Structured approach to Risk Management.
  2. Establish a Risk Model for identifying risks, prioritizing risks and monitoring or treating the risks for a selected area, activity or process. Define Risk Policy and the Risk Register.

A HAZOP study is not a part of this exercise. Existing HAZOP studies, if any, should be considered.

A comprehensive IT Risk Assessment, which is mainly based on ISO 27000, is specifically outside the scope and may be taken up as a separate phase of Risk Assessment. Generally, external IT expertise is involved and the outcome is a comprehensive Information Systems Security Policy.

METHODOLOGY AND ROLES

A Process orientation will be maintained in the risk identification and treatment workshops. While Major Projects may be underway, we will consider “Manage Projects” as a process and not seek to identify risks in each project independently. Project Risk Management could be covered in a separate assignment.

The primary methodology is a facilitator-based approach, with the risk identification and ownership role resting with the operating managers. Cross-functional managers would participate in each workshop based on the requirement for each process. The specific roles to be performed are given in the following table:

Process | Activity | Deliverable | Role of Sama | Role of Company Officials

Preparation for Assignment

 

ERM Organisation Write up

Study the Material provided to form a background to the workshops

Interview Selected Senior Management Team Members

Prepare and Discuss draft ERM Organisation and Standards

Provide detailed material, including company mission and vision statements, organisation charts, Board and Board committee charters, company charters, strategic plans, business plans, existing risk-related policies processes and procedures (including processes for project approvals, project management, OH&S, environmental management, contract approval, contract management, ...)

Risk Management Training

Awareness workshops - 3 hours each

Risk Management Training Materials

Improved understanding of risk and control

Organise training materials

Conduct workshops

Participation by Senior Management and Middle Management Team (Directors, Unit Heads and Process Owners)

Establish an interim Risk Management Administration Structure

Identify the Risk Management Process Owner

Identify the software to be used, if any

Document the process adopted

Create a document of Risk Management Policy

Document the overall Risk Management Framework in the company and circulate to all in the organization

Establish a Risk Management communication system

Process Documentation

Risk Management System Information Booklet including RM Policy

Established visible structure of Risk Management

Define the Risk Management Process Owner Profile

Provide alternative software solutions that can be used and assist in selection of software

Draft the write up for the Information Booklet

Define the parameters of Risk Management Communication System

Commit somebody adequately experienced to be the assignment coordinator who can later on be identified as the Risk Management System Owner

Invest in software / Make available the software

Printing and circulation of the Information Booklet

Establish the communication channels – separate, if required

Develop Strategic Risk Management Model and Operational Risk Management Model

Document Contexts and Rating Scales

Draft contexts and scales

Establish the Strategic, Organisational and Risk Management context and Define the Criteria

Establish Consequence and Likelihood rating scales

Provide additional inputs to finalise and sign off

 

Risk Identification and Prioritising Workshop for all members in the Senior Management – for Marketing Office and Factory - each separately

Initial Risk Register – Strategic and Operational Risk

Conduct Workshop

Document Risks and assessments

Senior Management Participation

   

Revised Risk Register

Management Presentation and Discussions

 
 

Risk Treatment Workshop

Treatments and Proposed Action Plan

Conduct Workshop

Compile Treatments and Proposed Action Plans

Participation of same senior management

Commit resources for shortlisting action plan

Schedule implementation of action plan

 

Workshop for Corporate Risk Identification

Initial Risk Register – Strategic and Operational Risk

Conduct Workshop

Document Risks and assessments

Senior Management Participation

   

Revised Risk Register

Management Presentation and Discussions

 
 

Risk Treatment Workshop

Treatments and Proposed Action Plan

Conduct Workshop

Compile Treatments and Proposed Action Plans

Participation of same senior management

Commit resources for shortlisting action plan

Schedule implementation of action plan

Risk Management Roll Out

Identify the Risk Management Champion (can be the Compliance Head/CFO)

Establish the overall plan for the roll out

Establish Monitoring mechanisms

Establish Risk Assessment and Reporting cycles

Compliance Reviews

Roll out Plan

Established monitoring mechanisms

Risk Assessment and reporting cycle schedules

Updated Risk Registers

Document Overall Roll out plan

Identify the monitoring mechanisms and assist in establishing the same

Document the assessment and reporting cycle

Review with each Group

Execute the Rollout plan

Implement the monitoring mechanisms

Implement the cycles

Participation of Senior Management Team Members

GOVERNANCE

Establish a small risk team to work closely with us, to provide detailed guidance as well as assisting us with access to key people and administrative support. Establish and operationalise a Risk Steering Group, including representatives from the Operations, Strategic & Corporate Planning and Financial teams, to provide high-level guidance on ERM requirements.

We will also be looking to the risk team and the Risk Steering Group to form a core group of risk management 'champions' in the company. This kind of active, high-level support is a pre-requisite for successful long-term implementation – we can provide short-term outcomes that will have great value for the company, but champions are needed to reinforce the need for risk management, ensure the processes we establish continue to be used, follow up the status of specific risk-reducing and opportunity-capturing actions and maintain the engagement of managers at all levels with risk management.

Do call us at +91 22 2674 3675 | +91 9870 414 071 to know how we, our Associates, or both of us together (Sama and Broadleaf Capital) can help you manage Risk better, or email us at info@samaaudit.com.