What is Strategic Enterprise Risk Management and what are the steps in the Risk Management Process
Organisations can no longer ignore the risks that face their business and are taking a greater interest in Risk and Risk Management. It is increasingly understood that the explicit and structured management of risks brings benefits. In this article, I will discuss three questions: What is Risk? What is Risk Management? And what is the Risk Management process? The process described is the one that CAPPIM uses (Consult, Assess, Problem Solve, Plan Action, Implement and Monitor).
1. WHAT IS RISK?
“Risk is the effect of uncertainty on objectives.”
This definition encompasses BOTH the POSITIVE and NEGATIVE consequences of RISK, and places it in the context of the organisation’s objectives.
“RISK” can be divided into 5 key categories, including:
(1) Legal Risks: Fines and penalties, Corporate Governance, Regulatory Compliance, contracts (failure to sign, damages, liability) and Lawsuits;
(2) Financial: Bankruptcy, Stock Markets, cash flow, high interest rates, shareholder returns, damages claims and penalties;
(3) Strategic: Mergers, Joint Ventures, competition, customer demand, confidential information and intellectual property and management organisation;
(4) Operational: Staff, scope of works and KPIs and organisation structure; and
(5) Other: Theft, strikes, power, water, Cyber Risk.
2. RISK MANAGEMENT
Risk Management is the process of planning, organizing, directing, and controlling resources and operations to achieve given objectives, despite the uncertainty of events.
An effective risk management plan would include all the role players, including the CEO, the Board, the Subsidiaries, the Divisions and the Business Units, and would take into consideration the organisation’s risk appetite and risk tolerance, its values, its culture, KPIs, Corporate Governance, ethics and strategic objectives.
Effective Risk Management enables an organisation to manage the probability of any unforeseen events that may arise and to limit the effect of the consequences, along with responding proactively to opportunities.
3. 6 STEP PROCESS IN RISK MANAGEMENT
A 6 STEP PROCESS TO RISK MANAGEMENT – THE PROCESS SUMMARISED
In summary, the Risk Management process comprises 6 steps, each of which is inter-linked and inter-dependent. Together they cover the identification, assessment and management of RISK, Corporate Governance and compliance, and ensure the sustainability and success of the organisation.
(1) CONSULT – CONSULT & IDENTIFY
After consulting with the client and understanding their business and objectives, using various identification methods (risk analysis and workshops), the risks of the organisation will be identified. The Key Risks identified would be the organisation’s legal, financial, operational and strategic risks, as well as opportunities. All external and internal risks, known and unknown, are identified.
Examples of risks would include: non-compliance with legislation, liability clauses in contracts, bankruptcy, lack of stock optimization, lack of resources, cyber risk and government instability.
(2) ANALYSIS – QUANTIFY & QUALIFY
After identifying the organisation’s risks, the Risks identified would be evaluated based on the organisation’s risk appetite, risk tolerance and objectives. Using a risk matrix, the Risks would be measured. The measurement includes the possibility of the event occurring, the severity of the event occurring, mitigating processes (and other policies) in place and the time frame in which the event may occur.
(3) PROBLEM SOLVE – BRAIN STORM
The 3rd step is to determine how the risks identified and assessed should be treated.
Risks can either be avoided, accepted or transferred. Management determines its response to a risk by considering the impact a given decision will have, the likelihood of the risk, and the costs and benefits of its action. The goal is to take actions that will bring the organization’s overall residual risk within its risk appetite, manage its risks, meet its strategic objectives, including increasing profits, ensuring corporate governance and enterprise sustainability.
(4) PLAN ACTION – PLAN RISK MANAGEMENT SOLUTIONS
The 4th step is to formulate a risk management plan, which will include management’s response to the risks identified and assessed. The desired outcome of the plan is not that organisations become risk-averse, but that proactive, risk-based decision making is fostered at all levels of the organization and managers knowingly and intentionally take risk while utilizing appropriate risk indicators.
For example, we provide legal solutions, HR risk solutions, value optimization and insurance solutions, all of which would be considered and tailored specifically to the client and based on the client’s needs.
(5) IMPLEMENTATION: IMPLEMENTATION OF THE RISK MANAGEMENT PLAN
The 5th step is to implement the Risk Management plan and to respond to the risks identified and assessed.
This would include the preparation of risk registers, risk management frameworks and policies, drafting of necessary contracts, operations and value optimization, financial solutions and HR risk advisory solutions.
This is a continuous process and should be updated with the organisation’s profile, so that risks are further mitigated and prevented and profits increase in future years.
(6) MONITOR, MEASURE & CONTROL
The 6th step is to continue to monitor the risk management process and its outcomes, with responsibilities clearly defined. As part of the 6th step, the organisation’s Risks and the risk management solutions are continuously reviewed and measured and the organisation’s management systems updated.
This step consists of continuous planning, gathering and analysis of information, recording results and providing feedback.
4. BENEFITS OF RISK MANAGEMENT
Risks associated with different strategic options will be fully analysed and better strategic decisions will be made.
Consideration will have been given to a selection of tactics and the risks involved in the alternatives that are available.
Events that can cause disruption will be identified and actions taken to reduce the likelihood of these events, limit the damage and contain the Risk.
Will be enhanced as the risks associated with failure to achieve compliance with statutory and customer obligations will be met.
“Risk comes from not knowing what you’re doing”
Written by Cherine Hoffman, LLB (Cum Laude), LLM (Tax), Post Graduate Certificate in Mining
For more on CAPPIM: visit www.chlegalconsulting.com