Don’t let risk management overwhelm you

Ernst & Young gave me one of the best practical professional training. As a new recruit in 2006, the then E&Y induction involved understanding

Ernst & Young gave me one of the best practical professional training. As a new recruit in 2006, the then E&Y induction involved understanding the external audit methodology from A-Z. You had to read the whole of it or risk being exposed during the engagement. After reading the entire E&Y audit methodology (so many policies and procedures on understanding the client, engagement acceptance, billing, applying auditing standards, etc) only to realize that my heart was in consulting.

I had been recruited as an audit trainee and enjoyed the role until I got access to the firm’s strategy – it prioritized consulting over audit & assurance for the next few years. Plus, I loved the way consultants spent most of their time traveling around the world. I had to be in the consulting services line.

Thank God, I finally made the move.

One of my first tasks was to review the enterprise risk management processes of a bank and align them to best practices.

This bank had a good enterprise risk management framework document– with clear risk structure, risk appetite, risk identification and assessment process and a risk register.  Unfortunately, implementation was very poor.

The top 20 risks in the printed risk register the CEO handed to me had over 18 risks that had been effectively managed and had been overtaken by events! Yet they continued to look at these risks eight months down the road!

Risk is dynamic. You must implement a system where risk assessment is an on-going activity done by staff involved in the day to day running of the business. Your staff, with timely guidance from a risk champion, must provide reports on the potential high risk events on a daily basis. Your system must be able to assimilate and escalate the risks to the higher level in real time.

A manual risk setup falls short on this.

It is high time you considered automating your enterprise risk management process. That way, you will breathe life into your risk management processes – risk identification will be on-going. Like this morning I visited a prospect, and as I entered, they were mopping the floor after water entered into the office through the window following a heavy morning downpour. To me, that is a risk event. In the next office, a staff had placed a small cup on his desk. Reason – the roof was leaking notwithstanding a lot of physical documents on the desk!

To know more about our SummitRisk software, risk management monitor for your organization.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related