Enterprise Risk Management

Enterprise Risk Management SamAdm May 20, 2022

Leading managers know that success needs development, which means change, and change means Risk. Meeting customers' expectations and being successful in the market means Risk, and risk means reward as well as potential loss. Risks must be analysed and managed:

  • to establish the contexts for corporate performance;

  • to identify and assess the significant inherent risks facing the organisation;

  • to evaluate and improve internal control systems in response to risk;

  • to assess the potential rewards and costs in risks and controls.

Managing Risk is a skill that can be developed and structured through training and participation in the process of identification and assessment.

We help organisations institutionalise Risk Management as a good business practice. This includes conducting training programmes and workshops for risk identification, evaluation, assessment and treatment at a Project, function or entity level, and setting up the Risk Management Administration structure.

Scope and approach for an ERM assignment

  • "Sensitize" the entire organization to Risk in Decision Making and to a Structured approach to Risk Management.

  • Establish a Risk Model for identifying risks, prioritizing risks and monitoring or treating the risks for a selected area, activity or process. Define Risk Policy and the Risk Register.

A HAZOP Study is not a part of this exercise. Existing HAZOP studies, if any, should be considered.

A comprehensive IT Risk Assessment, which is mainly based on ISO 27000, is specifically outside the scope and may be taken as a separate phase of Risk Assessment. Generally, external IT expertise is involved and the outcome is a comprehensive Information Systems Security Policy.


A Process orientation will be maintained in the risk identification and treatment workshops. While Major Projects may be underway, we will consider “Manage Projects” as a process and not seek to identify risks in each project independently. Project Risk Management could be covered in a separate assignment.

The primary methodology is a facilitator-based approach, with the risk identification and ownership role resting with the operating managers. Cross-functional Managers would participate in each workshop based on the requirement for each process. The specific roles to be performed are given in the following table:

Process | Activity | Deliverable | Role of Sama | Role of Company Officials

Preparation for Assignment
  Deliverable: ERM Organisation Write up
  Role of Sama:
    • Study the Material provided to form a background to the workshops
    • Interview Selected Senior Management Team Members
    • Prepare and Discuss draft ERM Organisation and Standards
  Role of Company Officials: Provide detailed material, including company mission and vision statements, organisation charts, Board and Board committee charters, company charters, strategic plans, business plans, existing risk-related policies, processes and procedures (including processes for project approvals, project management, OH&S, environmental management, contract approval, contract management, ...)

Risk Management Training
  Activity: Awareness workshops - 3 hours each
  Deliverable:
    • Risk Management Training Materials
    • Improved understanding of risk and control
  Role of Sama:
    • Organise training materials
    • Conduct workshops
  Role of Company Officials: Participation by Senior Management and Middle Management Team (Directors, Unit Heads and Process Owners)

Establish an interim Risk Management Administration Structure
  Activity:
    • Identify the Risk Management Process Owner
    • Identify the software to be used, if any
    • Document the process adopted
    • Create a document of Risk Management Policy
    • Document the overall Risk Management Framework in the company and circulate to all in the organization
    • Establish a Risk Management communication system
  Deliverable:
    • Process Documentation
    • Risk Management System Information Booklet including RM Policy
    • Established visible structure of Risk Management
  Role of Sama:
    • Define the Risk Management Process Owner Profile
    • Provide alternative software solutions that can be used and assist in selection of software
    • Draft the write up for the Information Booklet
    • Define the parameters of Risk Management Communication System
  Role of Company Officials:
    • Commit somebody adequately experienced to be the assignment coordinator who can later on be identified as the Risk Management System Owner
    • Invest in software / Make available the software
    • Printing and circulation of the Information Booklet
    • Establish the communication channels – separate, if required

Develop Strategic Risk Management Model and Operational Risk Management Model
  Activity: Document Contexts and Rating Scales
  Deliverable: Draft contexts and scales
  Role of Sama:
    • Establish the Strategic, Organisational and Risk Management context and Define the Criteria
    • Establish Consequence and Likelihood rating scales
  Role of Company Officials: Provide additional inputs to finalise and sign off

Risk Identification and Prioritising Workshop for all members in the Senior Management – for Marketing Office and Factory - each separately
  Deliverable: Initial Risk Register – Strategic and Operational Risk
  Role of Sama:
    • Conduct Workshop
    • Document Risks and assessments
  Role of Company Officials: Senior Management Participation

Revised Risk Register
  Management Presentation and Discussions

Risk Treatment Workshop
  Deliverable: Treatments and Proposed Action Plan
  Role of Sama:
    • Conduct Workshop
    • Compile Treatments and Proposed Action Plans
  Role of Company Officials:
    • Participation of same senior management
    • Commit resources for shortlisting action plan
    • Schedule implementation of action plan

Workshop for Corporate Risk Identification
  Deliverable: Initial Risk Register – Strategic and Operational Risk
  Role of Sama:
    • Conduct Workshop
    • Document Risks and assessments
  Role of Company Officials: Senior Management Participation

Revised Risk Register
  Management Presentation and Discussions

Risk Treatment Workshop
  Deliverable: Treatments and Proposed Action Plan
  Role of Sama:
    • Conduct Workshop
    • Compile Treatments and Proposed Action Plans
  Role of Company Officials:
    • Participation of same senior management
    • Commit resources for shortlisting action plan
    • Schedule implementation of action plan

Risk Management Roll Out
  Activity:
    • Identify the Risk Management Champion (can be the Compliance Head/CFO)
    • Establish the overall plan for the roll out
    • Establish Monitoring mechanisms
    • Establish Risk Assessment and Reporting cycles
    • Compliance Reviews
  Deliverable:
    • Roll out Plan
    • Established monitoring mechanisms
    • Risk Assessment and reporting cycle schedules
    • Updated Risk Registers
  Role of Sama:
    • Document Overall Roll out plan
    • Identify the monitoring mechanisms and assist in establishing the same
    • Document the assessment and reporting cycle
    • Review with each Group
  Role of Company Officials:
    • Execute the Rollout plan
    • Implement the monitoring mechanisms
    • Implement the cycles
    • Participation of Senior Management Team Members

Establish a small risk team to work closely with us, to provide detailed guidance as well as assisting us with access to key people and administrative support. Establish and operationalise a Risk Steering Group, including representatives from the Operations, Strategic & Corporate Planning and Financial teams, to provide high-level guidance on ERM requirements.

We will also be looking to the risk team and the Risk Steering Group to form a core group of risk management ‘champions’ in the company. This kind of active, high-level support is a pre-requisite for successful long-term implementation – we can provide short-term outcomes that will have great value for the company, but champions are needed to reinforce the need for risk management, ensure the processes we establish continue to be used, follow up the status of specific risk-reducing and opportunity-capturing actions and maintain the engagement of managers at all levels with risk management.

Know how we or our Associates or both of us together

Sama and Broadleaf Capital can help you manage Risk better

Call us at:  +91 22 2674 3675  | +91 9833 760 638

