Page 47 - The Corporate Report Pack
P. 47
How risky is your business?
1. Adequately identify the material risks that the organisation faces in a timely manner.
2. Implement appropriate risk management strategies that are responsive to the organisation’s risk profile, business strategies, specific material risk exposures and risk tolerance thresholds.
3. Take consideration of risk and risk management into business decisions throughout the organisation.
4. Timeously transmit necessary information with respect to material risks to senior executives and, as appropriate, to the board or relevant committees.
It must be stressed that risk managers are not keepers of risks nor removers of risk, but proactive managers of those risks. e board should require the risk manager to be active in installing more transparent decision making around risk/reward trade-o s, so that it helps the board to achieve the goals and objectives while balancing the risk to be within the risk appetite of the rm.
An e ective and independent risk management department will help ful l the duty of the board, which is to inquire of management about existing risk management processes and challenge management to demonstrate the e ectiveness of those processes in identifying, assessing and managing the organisation’s most signi cant enterprise-wide risk exposures.
e use of board committees such as audit committees, nominating/governance committees, compensation committees, with each focusing attention on elements of enterprise risk management, could be considered. is will assist senior management with strategic decisions in relation to commercial exits and disposals as well as re ning strategic decisions going forward.
A word of caution should be observed here. Organisation cultures are dynamic by de nition, so to sustain the right attitudes and behaviours over time requires continuing e ort. An ongoing risk committee might start o by keeping on top of key issues but become stale and mechanical as people lose energy over time. A new leadership or a new set of market pressures could send the culture in a di erent direction. e board should ensure spot checks are conducted every year on employee attitudes and
minor risk infractions. It is crucial that the board be satis ed that the activities of the various committees are coordinated and that the company has adequate risk management processes in place.
Board agendas should include information packets that integrate strategy and operational initiatives with enterprise-wide risk exposures to strengthen the ability of boards to ensure risk exposures are consistent with the overall appetite for risk. Annual reviews do not replace the need for the board to regularly assess and reassess their own operations and processes, learn from past mistakes, and seek to ensure that current practices will address speci c major issues whenever they may arise.
To do this e ectively, we should look at how risk devolves though the organisation.
Operational risk
Operational risk can be broadly de ned as an event that leads to production stoppage or loss.
This includes:
• Legal liability: is includes client, employee and
other third party lawsuits.
• Regulatory, compliance and taxation: is
includes penalties nes, or the cost of any other penalties, such as licence revocations and associated costs, but excludes lost/forgone revenue.
• Loss of or damage to assets: is is the reduction in value of the rm’s non- nancial assets and property.
• Client restitution: is includes restitution payments (principal and/or interest) or other compensation to clients.
• e , fraud and unauthorised activities: is includes rogue trading.
• Transaction processing risk: is includes failed or late settlement, wrong amount or wrong counterparty
Operational risk priorities should be reported to the board or to a committee formed by the board to deal with such issues. e key to e ective operational risk management is to create a process that tracks the various elements of operational risk over time and identi es trends that could be an early warning sign
The Corporate Report 23
