Measure and mitigate your risk
The global economic crisis provided a wakeup call to many organisations about the importance of an effective risk management framework.
Every business, regardless of size, sector or purpose, is subject to varying levels and types of risk. Understanding and mitigating the risks that specifically impact your business is essential.
Risk management framework
A good risk management framework will have systems for identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating material risks that may affect the business' ability to achieve its objectives. Together with the underlying structures, policies, processes and resources, these systems form the risk management framework.
Three lines of defence
The 'three lines of defence' has become the standard model for identifying, managing and monitoring risks and uncertainty in organisations. The model has three lines, or barriers, of defence against the impact of risk, as illustrated above.
The first line represents staff on the frontline, those involved in day-to-day operations and directly exposed to the risks of your business. The second line is essentially the oversight function for the first, which sets and monitors the policies and procedures that the first line of defence must comply with. The third line is the independent review of the effectiveness of the first and second lines by assurance providers and directors.
It is the second line of defence which is crucial for all businesses. Identifying risks is just the starting point; the 'second line' seeks to develop these into an acceptable risk appetite and then align the working practices of business operations within the boundaries of that appetite.
How this is performed in practice, and the level of detail involved, depends on the size of your business. At a minimum, there should be communication across all three lines to ensure that everyone is aware of the risks of the organisation and can seek to mitigate them.
We provide assurance and consultancy services to a diverse cross-section of organisations which require, or would benefit from, a robust and effective risk management framework. These range from heavily regulated organisations such as credit unions impacted by mandatory risk management standards enforced by the Australian Prudential Regulation Authority, through to charities and large private companies looking to satisfy best practice governance standards or to seek competitive advantages.
Questions to consider
- Does everyone in your organisation share the same view of the risks impacting your business?
- Do you have clearly defined roles, responsibilities and accountability for staff?
- Does your business strategy align with your risk appetite and risk management?
- Are your independent governance and assurance functions adding value with regard to risk identification and management?
- Do you keep abreast of emerging risks across your business?
For assistance in the implementation or assessment of effective risk management appropriate for your business, contact one of our Audit & Assurance specialists.