Risk assessment practices
“Enterprise Risk Management (ERM) is a structured, consistent and continuous process across the whole organization for identifying, assessing and deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives” (IIA - Institute of Internal Auditors).
Although the definition is a bit academic, we all would like to know our business opportunities as well as the risks that could hinder us from achieving our goals. Enterprise Risk Management seems to be the right answer. Although the concept is not new, many companies struggle to successfully integrate the idea and the methodology into their day-to-day business. In those companies where Enterprise Risk Management is successfully delivering on management’s expectations, we have observed the following key characteristics:
- ERM is a continuous process involving all levels in the organization.
- It is based on a widely disseminated understanding that risk ownership always lies with the business and never with a support function.
- A company’s risk profiles and action plans are elements of any business/management review.
- The approach is based on standardized terminologies and definitions related to risk categorization as well as risk evaluation throughout the entire organization.
- The cycle is closed with a disciplined monitoring and follow-up process.
STEER’s consultancy regarding Enterprise Risk Management concentrates on the five key characteristics as outlined above. We believe they are critical for a successfully integrated approach delivering on management’s expectations.
We define fraud as “the inappropriate acquisition of an asset or other benefit through theft, the intentional breaking of laws or regulations or the intentional use of deception. Deception includes misleading another party by providing false information or through the withholding of important information that if known would have led the other party to a different conclusion related to a business arrangement, investment or other type of transaction.”
Most companies have established ethical standards, policies, guidelines and controls designed to support an ethical business culture. All of these elements together make up a company’s “Anti-Fraud Program”. A fraud risk assessment helps to establish the robustness of the program and its policies in supporting ethical business and compliance with laws and regulations. Our proposed assessments concentrate on the program’s ability to prevent fraud, detect fraud, resolve issues and strengthen controls.
The level of integrity and status of compliance with policies and procedures as well as external laws and regulations are key elements in any organization’s culture and business conduct.
The STEER Maturity Level assessment (MLA) “Legal & Financial Compliance” serves as a guideline to review and assess the Company’s compliance program and system of internal controls that help the Company to be in compliance with legal and financial requirements. Compliance with accounting standards as well as tax compliance are not part of this MLA. Similarly, compliance related to environmental regulations as well as health & safety and licensing standards is not part of this MLA.
The STEER MLA concentrates on the assessment of the effectiveness of the Company’s Compliance Program and the Company’s “system of internal controls” designed to prevent fraud as well as properly manage situations where fraud has occurred.
STEER will produce the following deliverables at the conclusion of the Compliance MLA:
1) A comprehensive report that identifies strengths and weaknesses in the customer’s Compliance program and establishes priority areas for improvements.
2) A presentation kit to be used for briefing management at different levels as required by the customer; if requested, STEER will also conduct the briefing.
Upon request, STEER will assist the customer in developing an action plan to close any identified gaps and work with the customer to complete these actions.