Enterprice Risk Service
Why Enterprise Risk Management
Effective governance is a critical aspect of a successful business: it supports management in delivery of the strategy, managing costs, attracting investment, making better decisions and responding to risk. There has never been more focus on how organisations identify and manage risk. From regulators to investors to senior executive management, companies are under pressure to be able to clearly articulate how they identify the principal risks to their businesses and how they ensure these are being managed within their risk appetite.
Balancing Risk and Return
Companies need to take risks to create value, and manage risks to protect value. There is a range of ‘optimal risk taking’ which supports maximum return – ‘the Sweet Spot’ – and effective risk management is about ensuring that the risks an organisation takes are the right ones and that they are appropriately managed. Top‑quartile companies are focused on operating in the Sweet Spot by ‘risk‑intelligent’ decision‑making – i.e. by measuring and managing
you from initial sketches to the final construction.
damages issues in hundreds of litigation and dispute matters.
The Risk Management Process
Identify Risks: The risk (or event) identification process precedes risk assessment and produces a comprehensive list of risks (and often opportunities as well), organized by risk category (financial, operational, strategic, compliance) and sub-category (market, credit, liquidity, etc.) for business units, corporate functions, and capital projects. At this stage, a wide net is cast to understand the universe of risks making up the enterprise’s risk profile.
While each risk captured may be important to management at the function and business unit level, the list requires prioritization to focus senior management and board attention on key risks. This prioritization is accomplished by performing the risk assessment
Develop Assessment Criteria. The first activity within the risk assessment process is to develop a common set of assessment criteria to be deployed across business units, corporate functions, and large capital projects. Risks and opportunities are typically assessed in terms of impact and likelihood. Many enterprises recognize the utility of evaluating risk along additional dimensions such as vulnerability and speed of onset.
Assess Risks: Assessing risks consists of assigning values to each risk and opportunity using the defined criteria.
This may be accomplished in two stages where an initial screening of the risks is performed using qualitative techniques followed by a more quantitative analysis of the most important risks.
Assess Risk Interactions: Risks do not exist in isolation. Enterprises have come to recognize the importance of managing risk interactions. Even seemingly insignificant risks on their own have the potential, as they interact with other events and conditions, to cause great damage or create significant opportunity. Therefore, enterprises are gravitating toward an integrated or holistic view of risks using techniques such as risk interaction matrices, bow-tie diagrams, and aggregated probability distributions.
Prioritize Risks. Risk prioritization is the process of determining risk management priorities by comparing the level of risk against predetermined target risk levels and tolerance thresholds. Risk is viewed not just in terms of financial impact and probability, but also subjective criteria such as health and safety impact, reputational impact, vulnerability, and speed of onset.
Respond to Risks: The results of the risk assessment process then serve as the primary input to risk responses whereby response options are examined (accept, reduce, share, or avoid), cost-benefit analyses performed, a response strategy formulated, and risk response plans developed.