Don’t let risk management overwhelm you

Don’t let risk management overwhelm you

Ernst & Young gave me one of the best practical professional training. As a new recruit in 2006, the then E&Y induction involved understanding the external audit methodology from A-Z. You had to read the whole of it or risk being exposed during the engagement. After reading the entire E&Y audit methodology (so many policies and procedures on understanding the client, engagement acceptance, billing, applying auditing standards, etc) only to realize that my heart was in consulting.

I had been recruited as an audit trainee and enjoyed the role until I got access to the firm’s strategy – it prioritized consulting over audit & assurance for the next few years. Plus, I loved the way consultants spent most of their time traveling around the world. I had to be in the consulting services line.

Thank God, I finally made the move.

One of my first tasks was to review the enterprise risk management processes of a bank and align them to best practices.

This bank had a good enterprise risk management framework document– with clear risk structure, risk appetite, risk identification and assessment process and a risk register.  Unfortunately, implementation was very poor.

The top 20 risks in the printed risk register the CEO handed to me had over 18 risks that had been effectively managed and had been overtaken by events! Yet they continued to look at these risks eight months down the road!

Risk is dynamic. You must implement a system where risk assessment is an on-going activity done by staff involved in the day to day running of the business. Your staff, with timely guidance from a risk champion, must provide reports on the potential high risk events on a daily basis. Your system must be able to assimilate and escalate the risks to the higher level in real time.

A manual risk setup falls short on this.

It is high time you considered automating your enterprise risk management process. That way, you will breathe life into your risk management processes – risk identification will be on-going. Like this morning I visited a prospect, and as I entered, they were mopping the floor after water entered into the office through the window following a heavy morning downpour. To me, that is a risk event. In the next office, a staff had placed a small cup on his desk. Reason – the roof was leaking notwithstanding a lot of physical documents on the desk!

To know more about our SummitRisk software, risk management monitor for your organization.

About M. B. Mugisa

Mustapha Barnabas Mugisa is one of those rare people who provides business consulting and advisory to professionals and corporate entities who demand the very best. He is a prolific speaker and governance (strategy and risk) expert. His speaking involves making key notes at major conferences and business events on both technical subjects and leadership skills. A change agent and motivational speaker. Mustapha provides tools and proven methodologies to remarkable results through making people appreciate change. Visit Mustapha's LinkedIn profile to know more. Mustapha is the architect of #WinningMindset Leadership and #WinningTheGame strategy approach that combines Harvard Business strategy Playing To Win, with the Blue Ocean Strategy and Balanced Score Card to deliver a strategy that is easy to execute and monitor. Visit for special insights to improve your condition. Are you too good to be great?

Entries by M. B. Mugisa