To reduce risk, improve structure
Our client – an ASX Top 100 Company – believed it had strong risk management capabilities in its operational areas, but required a more structured risk management approach.
Process and findings
Over a three week period, we conducted an extensive review of the client’s existing risk management capabilities and processes.
These processes were reviewed against ISO:31000:2009 Risk Management Standard and Principle 7 of the ASX Principles of Good Corporate Governance; Best Practice Recommendations.
We compiled a diagnostic report that outlined the strengths and weaknesses of the client’s existing risk management program.
It included the following deficiencies:
- The client had some capabilities in managing specific risks within each of its subsidiaries, but there was little consistency in the approach or reporting on these risks.
- There was no formal system in place to systematically identify, assess, manage and monitor risks that could impact on the client’s strategic, financial and operational objectives.
Following our review, the client engaged Risk Advisory Services as an outsourced risk management department to design and implement a risk management program that was consistent with its organisational structure and culture.
To date the client:
- Has revised the terms and focus of its Risk Management Committee to oversee the organisation’s risk management process, and monitor the management of its significant risks.
- Has identified the significant financial risks facing the organisation and is reviewing how these are currently being managed.
- Has developed a suite of policies to be implemented across the group to ensure internal controls are consistent.
- Is developing a reporting and monitoring system to ensure identified risks and incidents are recorded consistently by each subsidiary. Management reports will be shared across the group to improve risk mitigation through awareness.