The need and importance of risk management is now widely regarded in successful commercial and public sector organisations. Organisations that fail to recognise and manage their risks can destroy value for their stakeholders, squander resources and ultimately damage their organisations’ image and reputation.
Our services
Although most organisations have some form of risk management processes and procedures, these may not be organised and coordinated in the most efficient and effective way possible. We can assist you to improve your risk management infrastructure and capabilities by providing:
- Independent risk management reviews.
- Risk management program design and implementation.
- Outsourced risk management services.
When to undertake a review
Your organisation may need an independent review of its risk management processes and procedures if:
- You do not have a dedicated risk manager.
- You do not have a formal risk management program in place.
- You are not aware of the significant risks facing your organisation.
- You do not follow an appropriate process to identify and quantify your risks.
- You do not fully understand the risk controls or treatments that are currently in place or monitor these controls to ensure compliance and effectiveness.
- You primarily rely on your insurance program to cover all of your risks.
- You are not sure which of your risks are insured and which of your risks are uninsured.
- You have not undertaken a formal review of risk tolerance and risk appetite.
- Your Risk Manager has resigned and you need a temporary replacement.
- You are not sure if your risk management department is running efficiently.
- You are conducting a major project and require a risk assessment.
- You are not sure how your risk management process and procedures compare to the Australian and New Zealand Risk Management Standard (AUS/NZS4360) or ASX Guidelines.
Case Study — ASX Top 100 Company
Situation
- Our client believed it had strong risk management capabilities in its operational areas, but required a more structured risk management approach.
Process and findings
- We conducted an extensive review of the clients’ existing risk management capabilities and processes over a three week period. These processes were reviewed against AS/NZ 4360:2004 Risk Management Standard and Principle 7 of the ASX Principles of Good Corporate Governance & Best Practice Recommendations.
- A diagnostic report was completed that outlined the clients strengths and weaknesses with respect to its existing risk management program including the following deficiencies:
- The client had some capabilities in managing specific risks within each of its subsidiaries, but there was little consistency in the approach or reporting on these risks.
- There was no formal system in place to systematically identify, assess, manage and monitor risks that could impact on the clients strategic, financial and operational objectives.
Client outcome
Following our review, we were appointed as the client’s outsourced risk management department to design and implement a risk management program that was consistent with its organisational structure and culture. To date the client:
- Has revised the terms and focus of its Risk Management Committee to oversee the organisations risk management process and monitor the management of its significant risks.
- Has identified the significant financial risks facing the organisation and is reviewing how these are currently being managed.
- Has developed a suite of policies to be implemented across the group to ensure that internal controls are consistent.
- Is developing a reporting and monitoring system to ensure that identified risks and incidents are recorded consistently by each subsidiary with management reports to be shared across the group to improve risk mitigation through awareness.