During an audit by a leading assurance organisation, the opportunity to create a robust and effective Enterprise Risk Management framework was highlighted. Specifically the audit suggested there was opportunity to:
• Increase risk visibility
• Ensure consistent identification and assessment of risks
• Demonstrate robust management activity to stakeholders
• Incorporate IT Operations and Development risks.
KRisk were commissioned to develop and embed an Enterprise Risk Management process which:
• Is appropriate to the size and culture of the organisation
• Ensures all categories of risk are considered
• Brings together risk information from both the operational and strategic sides of the organisation in a consistent way
• Add value to the organisation.
KRisk adopted a phased approach to delivering this project, which started with a detailed review of the organisation, risk processes and ERM related documentation. This was compared against best practice and opportunities for improvement identified. Building on this insight, KRisk presented an ERM framework, outlined in a Framework, Policies and Procedures document that aligned to the objectives of the organisation. This was reviewed by the Audit Committee and accepted.
Following this, KRisk focused on establishing the departmental and corporate risk registers required to facilitate the flow of risk information. Risk workshops were facilitated with representatives from across the organisation. Participants were encouraged to consider the objectives of the business, key activities and future plans to identify risks across all categories.
The impact and likelihood of each risks was assessed to allow top risks to be prioritised, before current mitigation evaluated and action plans put in place were risk mitigation could be improved.
This project provided our client with the foundations on which to build a value adding ERM framework. Risk information now reaches the right people, at the right time, in the right format to make effective risk based decisions.