-Рубрик?/strong>

 -Поис?по дневнику

Поис?сообщени??viorica75

 -Статистика

Статистика LiveInternet.ru: показано количество хито??посетителе? title=
Создан: 22.07.2016
Записе? 5137
Комментариев: 101
Написано: 5294

6 steps to manage risks and drive performance

Дневни?/a>

Суббот? 21 Ок?бря 2017 ? 23:12 + ?цитатник

By Sabine Vollmer 

October 21, 2015

Companies have made progress in keeping enterprise risk management top of mind, but most have yet to take all the steps necessary to identify and pursue risks that drive performance, according to EY’s 2015 global governance, risk, and compliance survey.

Of the nearly 2,000 board audit committee members, senior executives, and assurance and compliance executives who participated in the survey, 97% said their companies have made progress in linking risk management and business objectives, but only 16% considered them closely linked.

Respondents recognise the need to better identify and evaluate emerging risks and to adapt their company’s business strategy accordingly. Eighty-five per cent said opportunities exist to further improve the linkage between risk and business performance. But 77% limited their ability to adjust their business strategy to the changing risk landscape, because they evaluated their company’s risk profile annually instead of continuously.

“Companies get all tied up in identifying the risks, assigning ownership, and getting mitigation and action plans, and they forget about the education and keeping it top of mind with the people doing the work today,” said Lynn Fountain, CPA (inactive), CGMA, a consultant and former chief audit executive who is working as a contractor at Kansas City, Missouri-based accounting firm Mayer Hoffman McCann.

Companies must find ways to embed strategic thinking so that all process owners in the company understand how and when they can take advantage of risk, Fountain said. “It has to be spread throughout the organisation.”

Also, companies should be aware of other limitations, she said. For example, territorial struggles may erupt as to who should manage a risk, which would make execution of the best plans difficult.

To better take advantage of risks worth taking, to prevent counterproductive risks, and to be prepared for external risks that are outside of the company’s control, EY recommends these six steps:

  1. Identify and assess risks that impact business strategy. To identify new and emerging risks, companies need to routinely evaluate their business strategies and determine the level of risk they can handle to generate value. Each identified risk should then be assessed in strategic and business planning discussions and its likelihood, potential impact, or time to realisation determined.
  2. Design a risk response to reduce the downside and take advantage of the upside potential. Once key risks are classified as strategic, preventable, or external, they can be aligned with the company’s risk appetite to figure out what amount of risk is acceptable. A cost-effective and efficient risk response plan helps balance the mitigation of risk with the expected benefits of the strategic programme.
  3. Align the functions to execute the organisation’s risk response strategy. Identify the three lines of defence to define clear ownership and accountability for risk activities. This enables a company to validate risk coverage and foster a culture in which all parties understand their role in executing the company’s risk strategy. In a sound risk culture, the tone from the middle tier of management is aligned with tone from the top tier. Governance and business models support the delivery of desired risk behaviours and enable strong accountability and effective challenge. The risk-management framework is embedded in the way the business manages risk. And employee incentives support the delivery of desired risk-management behaviours.
  4. Develop risk processes to facilitate better co-ordination, communication, and reporting. Risk-management policies and processes are integral to influencing behaviours, co-ordinating activities, establishing communication protocols, and facilitating risk reporting.
  5. Design solutions that prevent, balance, or limit risk. Design risk and control frameworks that seek to eliminate preventable risks from arising and that can be monitored and tested to deter or detect preventable risks if they arise. Companies balance and manage strategic risks through solutions such as risk modelling and analytics, which enables them to monitor the risk exposure in real time and adjust the business strategy accordingly. Stress-testing, scenario planning, and war-gaming enable companies to assess the impact of outside forces on their business strategy, determine how to limit the external risks, and help bring the company back to business as usual.
  6. Implement technologies to effectively execute and sustain solutions. For risk prevention, optimise internal control frameworks to eliminate duplication and automate controls. Also, adopt continuous process monitoring solutions to further enhance and automate controls and to improve the second line’s and the third line’s ability to monitor internal controls. Scorecards, dashboards, and other forms of reporting, such as monitoring key risk indicators and key performance indicators, provide the board and executive management visibility into the risks that affect business strategy and the business’s risk profile.

Related CGMA Magazine content:

4 Ways to Better Handle Enterprise Risk Oversight”: Surveys that focus on executives at small and mid-size enterprises suggest that many organisations have begun to strengthen their processes to handle emerging enterprise risks, but only one-third of the enterprise risk oversight programmes in the rest of the world are mature.

Why Risk-Management Leaders Generate Higher Profits”: Executives and corporate directors believe business uncertainties and threats are increasing, a PwC survey suggests. The survey results explain how improved risk-management programmes can improve financial performance.

Five Barriers Restricting Risk-Management Progress”: Only about 15% of companies see a strong link between their enterprise risk management (ERM) processes and their business strategy, according to a survey conducted by the ERM Initiative at North Carolina State University.

Sabine Vollmer ([email protected]) is a CGMA Magazine senior editor.

 

https://www.cgma.org/magazine/2015/oct/manage-risks-drive-performance-201513224.html
Рубрик?  ВНУТРЕННИЙ КОНТРОЛЬ/INTERNAL CONTROL/Risk management

Метк?  

5 tips to better manage rapidly changing enterprise risks

Дневни?/a>

Суббот? 21 Ок?бря 2017 ? 23:03 + ?цитатник

By Sabine Vollmer 

July 4, 2017

Executives are aware that the risks businesses face have increased and become more complex in the past five years, but most companies aren’t fully equipped to manage the rapid changes, according to research released by the Enterprise Risk Management Initiative at North Carolina State University’s Poole College of Management and the Association of International Certified Professional Accountants.

About 60% of the 586 CFOs, finance professionals, and other executives who participated in the global surveysaid that enterprise risks have become more numerous and more interconnected. Many respondents reported actual events, or operational surprises, in the past five years – 71% in Africa and the Middle East; 53% in Europe and the UK; 46% in Asia, Australia, and New Zealand; and 32% in the US. But less than one in three said their companies have robust enterprise risk oversight.

Companies in Asia, Australia, and New Zealand appeared the most prepared, the survey suggests. Thirty per cent of respondents in the region said they have complete ERM processes in place, and 23% described risk management oversight as mature.

“This region has historically been a leader in risk management best practices, suggesting a business culture there that is in tune with the benefits of improved risk management thinking,” said Mark S. Beasley, CPA, a professor of enterprise risk management, the ERM Initiative’s director, and a co-author of the study.

Enterprise risk oversight was least robust in Europe and the UK, where 21% of respondents said they had complete ERM processes in place or described risk management oversight as mature. In the US and in Africa and the Middle East, about one-quarter of the respondents reported they are fully prepared.

Businesses’ risk management efforts have improved in the past decade. Seven years ago, 16% of US respondents and 39% of respondents from outside the US called their ERM oversight robust. Still, considering the rising potential for harm as well as business opportunities, most companies could benefit from strengthening their ERM approach, Beasley and co-author Bruce C. Branson said.

“Implementation of an ERM process can provide a framework for an enhanced understanding of the risk environment the entity is facing and hopefully an opportunity to identify emerging risks before they have the potential to significantly impact the entity,” said Branson, a professor of accounting and the associate director of the ERM Initiative.

The survey identified three main barriers to improving companies’ ERM approach:

  • About half of the respondents believe they do not have sufficient resources to ensure their ERM processes work well, especially those in Europe and the UK (52%) and in Africa and the Middle East (53%).
  • Other, competing business priorities restrict improvement of ERM processes, particularly in the US (46%) and Europe and the UK (45%).
  • ERM processes are perceived as unneeded bureaucracy and lacking in value, especially in the Africa and Middle East region (47% and 41%, respectively).

“Many see risk management as a compliance or bureaucratic initiative that isn’t focused on adding value,” Beasley said. “They forget the fundamental relationship of risk and return, which is demonstrated in their failure to integrate their risk management efforts with their strategic management efforts.”

About half of respondents said they consider risk exposures when they evaluate possible new strategic initiatives. One likely reason is a lack of useful data, the survey found. About one-quarter of the companies participating in the survey do not maintain inventories of their key risk exposures.

The survey results suggest that lack of leadership may be another hurdle, especially in Europe and the UK where only 42% of participating companies had a management risk committee (64% in Asia, Australia, and New Zealand; 56% in the US; 53% in Africa and the Middle East).

Also, fewer than half of the companies participating in the survey have a formal policy statement regarding their enterprise-wide approach to risk management, except in Asia, Australia, and New Zealand (57%). And in most regions, risk management activities are used only rarely to determine compensation for management performance (20% in Asia, Australia, and New Zealand; 15% in Europe and the UK; and 13% in the US).

In Africa and the Middle East, a region that respondents perceived as most risky, 29% of participating companies tied performance-based compensation to risk management.

Educating business leaders more about ERM and helping them to communicate what they learn might be beneficial, Beasley and Branson suggested.

Most companies (80% or more) have not focused on providing executives formal training or guidance on risk management in the past two years, the survey found.

To better manage the rapidly changing enterprise risks, Beasley and Branson offered executives five tips:

  1. Be willing to admit that you may be facing a lot of unknown issues and understand that enterprise risk management is an evolutionary process that will yield more insight as it is refined and tailored to a specific organisation.

  2. Ask your peers to identify the top five strategic initiatives and the top five to ten risks likely to derail them. Ask them to bring their lists to an executive meeting and engage them in a conversation. Determine whether there is a consistent and coherent understanding amongst them that managing top risk exposures can lead to opportunities that create value.

  3. Identify the key assumptions in senior executives’ business models and challenge how confident they are that their assumptions are reasonable and will not change.

  4. Recognise that enterprise risk management does not require significant new resources.

  5. Assess the company’s overall culture and how it might affect risk management. Determine to what extent individuals understand the processes they should use to escalate risk issues to the top and to what extent they are willing to deploy ERM.

Sabine Vollmer ([email protected]) is a CGMA Magazine senior editor.

 

 

https://www.cgma.org/magazine/2017/jul/how-to-manage-enterprise-risks-201716987.html
Рубрик?  ВНУТРЕННИЙ КОНТРОЛЬ/INTERNAL CONTROL/Risk management

Метк?  

 Страницы: [1]