Enterprise Risk Management

Leading managers know that success needs development, which means change and change means Risk. Meeting Customer’s expectations and being successful in the market means Risk and risk means reward as well as potential loss. Risks must be analysed and managed:

to establish the contexts for corporate performance;
to identify and assess the significant inherent risks facing the organisation;
to evaluate and improve internal control systems in response to risk;
to assess the potential rewards and costs in risks and controls.

Managing Risk is a skill that can be developed and structured through training and participation in the process of identification and assessment.

We help organisations institutionalise Risk Management as a good business practice. This includes conducting training programmes, conducting workshops for risk identification, evaluation, assessment and treatment – either at a Project level or at a function level or at an entity level and also setting up the Risk Management Administration structure.

Scope and approach for an ERM assignment

ESTABLISH RISK MANAGEMENT FRAMEWORK

OBJECTIVE

"Sensitize" the entire organization to Risk in Decision Making and Structured approach to Risk Management.
Establish a Risk Model for identifying risks, prioritizing risks and monitoring or treating the risks for a selected area, activity or process. Define Risk Policy and the Risk Register.

HAZOP Study is not a part of this exercise. Existing HAZOP studies, if any should be considered.

A comprehensive IT Risk Assessment which is mainly based on ISO 27000 is specifically outside the scope and may be taken as a separate phase of Risk Assessment. Generally, external IT expertise is involved and the outcome is a comprehensive Information Systems Security Policy.

METHODOLOGY AND ROLES

A Process orientation will be maintained in the risk identification and treatment workshops. While Major Projects may be underway, we will consider “Manage Projects” as a process and not seek to identify risks in each project independently. Project Risk Management could be covered in a separate assignment.

The primary methodology is a Facilitator based approach with the risk identification and ownership role being with the operating managers. Cross functional Managers would participate in each workshop based on the requirement for each process. The specific roles to be performed are given in the following table:

Process	Activity	Deliverable	Role of Sama	Role of Company Officials
Preparation for Assignment	-	ERM Organisation Write up	Study the Material provided to form a background to the workshops Interview Selected Senior Management Team Members Prepare and Discuss draft ERM Organisation and Standards	Provide detailed material, including company mission and vision statements, organisation charts, Board and Board committee charters, company charters, strategic plans, business plans, existing risk-related policies processes and procedures (including processes for project approvals, project management, OH&S, environmental management, contract approval, contract management, ...)
Risk Management Training	Awareness workshops - 3 hours each	Risk Management Training Materials Improved understanding of risk and control	Organise training materials Conduct workshops	Participation by Senior Management and Middle Management Team (Directors, Unit Heads and Process Owners)
Establish an interim Risk Management Administration Structure	Identify the Risk Management Process Owner Identify the software to be used, if any Document the process adopted Create a document of Risk Management Policy Document the overall Risk Management Framework in the company and circulate to all in the organization Establish a Risk Management communication system	Process Documentation Risk Management System Information Booklet including RM Policy Established visible structure of Risk Management	Define the Risk Management Process Owner Profile Provide alternative software solutions that can be used and assist in selection of software Draft the write up for the Information Booklet Define the parameters of Risk Management Communication System	Commit somebody adequately experienced to be the assignment coordinator who can later on be identified as the Risk Management System Owner Invest in software / Make available the software Printing and circulation of the Information Booklet Establish the communication channels – separate, if required
Develop Strategic Risk Management Model and Operational Risk Management Model	Document Contexts and Rating Scales	Draft contexts and scales	Establish the Strategic, Organisational and Risk Management context and Define the Criteria Establish Consequence and Likelihood rating scales	Provide additional inputs to finalise and sign off
	Risk Identification and Prioritising Workshop for all members in the Senior Management – for Marketing Office and Factory - each separately	Initial Risk Register – Strategic and Operational Risk	Conduct Workshop Document Risks and assessments	Senior Management Participation
		Revised Risk Register	Management Presentation and Discussions
	Risk Treatment Workshop	Treatments and Proposed Action Plan	Conduct Workshop Compile Treatments and Proposed Action Plans	Participation of same senior management Commit resources for shortlisting action plan Schedule implementation of action plan
	Workshop for Corporate Risk Identification	Initial Risk Register – Strategic and Operational Risk	Conduct Workshop Document Risks and assessments	Senior Management Participation
		Revised Risk Register	Management Presentation and Discussions
	Risk Treatment Workshop	Treatments and Proposed Action Plan	Conduct Workshop Compile Treatments and Proposed Action Plans	Participation of same senior management Commit resources for shortlisting action plan Schedule implementation of action plan
Risk Management Roll Out	Identify the Risk Management Champion ( can be the Compliance Head/CFO) Establish the overall plan for the roll out Establish Monitoring mechanisms Establish Risk Assessment and Reporting cycles Compliance Reviews	Roll out Plan Established monitoring mechanisms Risk Assessment and reporting cycle schedules Updated Risk Registers	Document Overall Roll out plan Identify the monitoring mechanisms and assist in establishing the same Document the assessment and reporting cycle Review with each Group	Execute the Rollout plan Implement the monitoring mechanisms Implement the cycles Participation of Senior Management Team Members

GOVERNANCE

Establish a small risk team to work closely with us, to provide detailed guidance as well as assisting us with access to key people and administrative support. Establish and operationalise a Risk Steering Group, including representatives from the Operations, Strategic & Corporate Planning and Financial teams, to provide high-level guidance on ERM requirements.

We will also be looking to the risk team and the Risk Steering Group to form a core group of risk management ‘champions’ in the company. This kind of active, high-level support is a pre-requisite for successful long-term implementation – we can provide short-term outcomes that will have great value for the company, but champions are needed to reinforce the need for risk management, ensure the processes we establish continue to be used, follow up the status of specific risk-reducing and opportunity-capturing actions and maintain the engagement of managers at all levels with risk management.

Know how we or our Associates or both of us together

Sama and Broadleaf Capital can help you manage Risk better

Call us at: +91 22 2674 3675 | +91 9833 760 638

Email us