A well structured risk-assessment program helps your company understand and stay within the acceptable boundaries of corporate conduct—both the mandated laws, rules, and regulations; and voluntary values, agreements, and other social obligations.
When properly implemented the benefits of effective risk management go way beyond just satisfying legal and regulatory requirements. An effective risk-management program must promote;
Better business performance
Increased efficiency
Improved and effective Corporate Governance.
Further more the benefits can be detected in the following areas:
Fewer Surprises — Proactive identification and management of key risks reduces earnings fluctuations and increases stakeholder confidence.
Reduced Loss and Increased Reward — Risk management helps to reduce the likelihood of and loss from negative events & helps to take advantage of opportunities that otherwise go unseen.
Effective Decision-Making — Better decisions are made when a structured consideration of risk is built into existing activities. Make risk management an inherent part of thedecision-making processes.
Improved Corporate Governance — Solid risk management and well-defined reporting and communication protocols, help an organization fulfil expectations of key stakeholders and comply with regulatory requirements.
External Risk Scrutiny and Benefits
Capital markets are paying closer attention to how companies manage risk. It is firmly believed that effective risk management leads to less uncertainty around the achievement of business objectives and increases the benefits for the organization's stakeholders.
Investors are willing to pay a premium for effective risk management—According to a 2006 survey of 138 of the world’s largest institutional investors, 82 percent of those surveyed reported that they were consistently willing to pay a premium on per-share prices for companies following effective risk-management practices.
Ratings agencies are increasing their focus on risk management—Agencies such as Standard & Poor’s and Moody’s have expanded their analysis within some regulated industries to include factors zeroing in on risk management.
This analysis as a precedent will probably be applied across all industries. Therefore highlight the company’s risk-management capability in discussions with creditors and ratings agencies. These discussions helped the company to improve its bond rating. The key here is the ability to communicate your risk-management approach.
Click here to download "Checklist for conducting Risk Assessment based on COSO definitions"
An effective Risk assessment program has to be consistent with the size, complexity, range of operation and organization of a company. A one-size-fits-all or a top-down check list approach, that treats all Governance, Risks or Compliance (GRC) issues as being equal, is not a solution. The checklists are designed only to provide indications that a "canaries in a coal mine" does. If your organisation's program for monitoring GRC issues is weak, it generally speaks to the overall control culture and risk management. Therefore weak GRC is a canary that's stopped singing — an indication of potential trouble.
Click here to download "European Reports on Corporate Governance"
How corporate IT departments develop their IT-risk management competencies
Availability
Access
Accuracy
Agility
Source: "IT Risk: Turning Business Threats Into Competitive Advantage" by George Westerman, MIT’s Center for Information Systems Research and Richard Hunter, Gartner.
Taste for risk.
Appropriate prices don’t guarantee profits in any given year, but inappropriate prices most certainly guarantee eventual losses
Warren E. Buffett
Chairman of the Board
Berkshire Hathaway
Click here