Enterprise risk management

Establishing a risk framework is a critical piece of work for any organisation, as it guides how risk will be approached and managed. It is a series of documents such as risk policy, assessment and management procedures and processes that guide how risk will be managed. Key stages in the development of the risk framework include:

Design. Your risk framework is not a generic, one size fits all document. It should be tailored to you and the environment you operate in. The risk framework describes how risk will be managed within your organisation and by whom. It should be immediately recognisable to all that it helps guide decision making in your business and demonstrate the level of risk taking and risk prevention that you are comfortable with. Riskcom can help you design your risk framework, so that it works for your business.

A risk strategy sets out what you want to achieve as outcomes for the management of risks, and how you intend to achieve it. Your risk management strategy can cover all aspects of your business, from safety, financial, operational and reputational risk goals. The risk strategy should also include the way in which the organisation will consider risk and enjoy the same importance and frequency as other key organisational planning events. Connecting your risk strategy with your organisations vision and key objectives will align your efforts toward achieving outcomes.

Your risk policy is a key part of the risk framework and is your statement of intent as to how risk will be managed in your business, its focus and the behaviours that are required to ensure it becomes a part of everyday risk practice. It is crucial to get the intent of this document right, as it sets the tone for your entire business.

Organisations encounter risk every day as they pursue objectives and therefore, must embrace risk. The key is to understand HOW much risk willing to accept. This is risk appetite!

Establishing well considered risk appetite guide s management in setting goals and making decisions, and also enables personnel to pursue objectives within acceptable limits

Determining how much risk to take is therefore, fundamental to a risk management success however we often observe that of all the risk management framework components many organisations struggle to understand what risk appetite is and, therefore, either don’t establish risk appetite statements/criteria and/or develop a risk appetite that is ineffective. Hence, they miss a great opportunity to focus risk management efforts in the right areas..

Organisations are required to successfully implement a range of business processes (such as administration, strategic business planning, financial planning, product development, procurement, sales & marketing, customer service, information technology, information security, asset management) to ultimately achieve their business objectives. 

Once a risk management framework and supporting process has been developed, Riskcom is able to work with both strategic, operational and project business owners to not only incorporate relevant RMF components into business process documentation, but also embed risk management thinking into executive, operational and project management culture. 

Risk identification is a methodical approach to understanding the risks that might stop you from fully achieving your business objectives. The formal review of all risks, not just those that are immediately apparent, is a critical stage in the risk management process that is often overlooked. 

 Risk assessment is the process of determining the likelihood of the risk occurring, and the impact the risk will have if it does occur. By combining these two assessments, you can see just how impactful the risk could be and make a conscious choice about how much effort you want to devote to preventing it from occurring. Risk can then be ranked against one another, so that you can prioritise which risk impacts should be prevented or minimised first. 

 A risk register is a critical tool that captures information about risks and risk management and provides a dashboard view of the effectiveness of risk management for a particular topic. A risk register contains information about the risk, the causes of the risk, the controls in place to mitigate the risk, and the rating for that risk. Risk registers can also be developed to identify future mitigations and the progress to implement them. Riskcom can partner with you to develop risk register templates and processes that work for your business and are scalable, from enterprise through to business unit and project level. 

Risk controls are the actions or activities that are put in place to reduce the likelihood or consequence of a risk occurring. Our expert consultants can help develop control frameworks that are tailored to your business and that work to control your risk. Riskcom also has tools and processes that can assess the effectiveness of those controls in decreasing the likelihood or reducing the impact of the risk, so that you can demonstrate how well the control is working, or where further work is needed to bring the risk rating back to a level you are comfortable with. Undertaking this assessment and demonstrating the results gives comfort to stakeholders that risk is being managed effectively. 

To be effective a risk management framework, and the output from a risk process needs to be well considered, relevant and meaningful to the organisation, representative of the business and have the ownership of the executive, management and staff. Riskcom places great emphasis in working closely with our clients to ensure this is achieved.

We have significant experience in facilitating risk workshops and meetings with senior executives to operational teams to, for example, develop risk policy and governance models, risk appetite statements, develop risk assessment criteria or to facilitate risk identification and assessment workshops..

Your business is susceptible to shock from both internal and external sources that can interrupt your ability to supply your goods or services . Case studies show that where supply of your product is interrupted, the market quickly finds an alternative and moves on. It can be hard to recover and regain that foothold again.
The best plan to avoid this it to develop your business continuity plan. This is a plan that identifies all of your critical business functions and resources, and has plans to recover or replace those functions or resources, within agreed timeframes..