Historically firms have adopted a silo approach toward risk management. It is exciting and encouraging to see the recent growth in Enterprise Risk Management practice across businesses globally. The world’s major organizations are now implementing ERM programs. We encourage our clients to implement Enterprise Risk Management programs. Aiming high now, will give your firm a real strategic advantage in the future.

ERM Rules

  • Consider all risk categories, not just those that can be easily calculated or are the most politically interesting.
  • Let the risk language and risk culture of the firm be encouraged and practiced ‘top down’ from the executives.
  • Establish clear, best practice policies on risk oversight responsibilities, risk appetite, controls, escalation and risk definitions.
  • Consider risk output at all levels of aggregation; enterprise, business line, operating unit, individual.
  • Ensure that growth is strategically maximized in a risk- adjusted manner incorporating the firms risk appetite and the short-term and long term objectives of the stakeholders.

Risk governance and control

It has become difficult to draw a line between corporate governance and risk management. It is critical to focus on the following:

  • Risk Appetite
  • Risk Culture
  • Risk Policies
  • Risk Governance Roles
  • Executive Commitment
  • Lines of Reporting
  • Escalation Procedures
  • Disaster Recovery and Business Continuity

Infrastructure Development

Important to regularly perform a detailed assessment of tools, analytics and skills:

  • Design of required data flow, output and analysis.
  • Prioritization of risk technology requirements.
  • Proprietary versus off-the-shelf: functionality, costs.
  • Competitor analysis, limitations and due diligence
  • Implementation and resource planning
  • Rules testing
  • Report design
  • Training and education

Identify, report and action the risk factors that an organization faces. Use sophisticated qualitative and quantitative tools to encourage clients to take risk into consideration when making business decisions.

Investment Risk

Decompose investment risk into market, credit and liquidity risks. Market risk is the risk that changes in market prices will reduce security value. Credit risk is the risk that shift in credit quality will reduce security value. Liquidity risk can arise due to failure to secure necessary funding or failure to execute a transaction at the current market price due to limited market participants

Operational Risk

Those risks arising from the execution of a company’s business functions – potential losses due to external events, management failure, inadequate controls, human error, fraud and system failure

Strategic Risk

The risk associated with future business plans and strategies, including plans for entering new business lines, expanding existing services through mergers and acquisitions, enhancing infrastructure.

Reputation Risk

The potential for loss to an organisation’s reputational capital. Reputation risk has reached headlines frequently in recent years following numerous cases of high profile scandals and frauds. Reputation risk can be highly destructive to shareholder value.

Risk Values

Many firms have been seriously compromised in recent years due to elementary and avoidable structural failures.

  • Ensure timely communication of known risks to top management.
  • Define clear accountability for risk decision making and documentation.
  • Keep investment decision making clearly focused on stakeholder value.
  • Do not ignore blind spots or continue legacy practices that contain potential threats.
  • Use staffing resources efficiently but do not allow any employee to have sole access to critical strategic information.
  • Mitigate or avoid any unrewarded risks. Target risk exploitation in conjunction with risk mitigation.
  • Develop common risk definitions that focus on the key threats.
  • Do not stop managing risks even if they cannot be easily measured.
  • Make informed investment choices based on qualified information rather than based on emotion, herd or loyalty.
  • Ensure all firm investments are subject to risk appetite, even the most confidential or political.
  • Align incentives and bonuses with short-term and long-term company success.
  • Compensate risk professionals based on the ability of the firm to operate within its risk appetite.
  • Target simple, focused and adaptable risk systems and models.
  • Focus on critical data input management accuracy rather than 100% data perfection.