A review by a leading assurance organisation on the adequacy of existing of risk management controls in a Insurance service organisation highlighted opportunity to improve the processes in place to manage risk across the organisation. Specifically there there was an opportunity to create an ERM framework to:
Increase risk visibility
Ensure consistent identification and assessment of risks
Demonstrate robust management activity to stakeholders
Incorporate IT Operations and Development risks.
On the back of this review, KRisk were commissioned to develop and embed an Enterprise Risk Management process which:
Is appropriate to the size and culture of the organisation
Ensures all categories of risk are considered
Brings together risk information from both the operational and strategic sides of the organisation in a consistent way
Add value to the organisation.
They needed to demonstrate and build confidence to their board and audit committees to show their RM process was robust, integrated, effective.
They didn’t have the impartial internal expertise to resolve this issue.
Phase 1: Information Review
Time was assigned at the beginning of the project to complete a detailed review of ERM related documentation, as well as key documents that will inform this project e.g. structure charts, Audit output report, etc. ERM documentation will be compared against best practice and any gaps highlighted.
Phase 2 Workshops & Risk Registers
Workshops are an effective way to interact with people across the organisation to gather the operational risk information required. They allow people to share ideas and ask questions, inspiring them to actively engage with ERM.
The aim of the workshops is to encourage participants to consider the objectives of the business, key activities and future plans to identify risks across all categories. KRisk adopt a number of techniques to help participants consider risk, including bow tie analysis.
The workshop setting also gives us the opportunity to educate participants on the principles of risk management, how they add value to a business and how they can be used to better manage risk across the organisation.
Phase 3: Output Report
A final output report was developed outlining all the steps taken throughout the project and the results achieved.
Focus was given to an analysis of the consolidated risk information contained in the operational level risk registers when compared against the strategic risk register.
Furthermore, the actions required to ensure the proactive management of those risks identified will be considered alongside more general next steps to continuing the ERM journey.