RISK MANAGEMENT

Development of Internal Risk Management Framework

Activities:

  • Discussions with stakeholders to understand the internal structure, processes, and clientele/business partners
  • Requesting supporting information to establish workflows and draft documents
  • Establishing, together with company stakeholders, the Risk Tolerance/Risk Appetite and the risk treatment options
  • Drafting the risk management framework
  • Reviewing documents with stakeholders
  • Implementing changes resulting from the review

Deliverables:

  • Risk Management Strategy
  • Risk Management Policy
  • Risk Management Methodology - including the Risk Tolerance Matrix
  • Instructions for inter-departmental cooperation, roles and responsibilities

Risk Identification and Assessment

The purpose of the risk assessment is for the organization to determine:

  • how severe a risk is
  • whether any existing control measures are effective
  • what action the organization should take to control the risk, and
  • how urgently the action needs to be taken.

Activities:

  • Interviews with relevant stakeholders, using a "bottom-up" approach (recommended by RM standards and best practices) to identify potential risks, ensuring that we use the best available information and cover all relevant areas.
  • After identification, we will analyze each risk in detail to determine the probability and potential impact on the company (risk scoring), using a qualitative approach.

Factors to be considered:

  • Number of businesses and processes affected by a certain type of risk;
  • Previous events in which a certain risk materialized, with a certain frequency, producing a certain level of loss;
  • Potential impact of a certain risk on the size and variability of financial results;
  • Planned development of the organization’s activity, including plans to introduce new products or to expand, which may lead to increased exposure to a certain risk;
  • Recently identified irregularities in the management of a certain type of risk;
  • Historical events in your industry that caused significant losses despite their unusual occurrence;
  • External factors relating to the macroeconomic and demographic environment.

Deliverables:

  • Risk Register(s) - all risk assessment results will be consolidated into a centralized Risk Register (or several, where applicable), which will include information on risks, existing controls, risk scores, and recommended treatment options.

Risk Mitigation and Treatment Plans

For significant risks, Action Plans will be established, which include additional measures to reduce these risks, using the ALARP (As Low As Reasonably Practicable) concept.

Activities:

  • Interviews with relevant stakeholders to identify the measures to be taken to reduce risks, the responsible persons, and the implementation deadlines.

Deliverables:

  • Action Plans, which will include information on risks requiring mitigation, existing controls, measures to be taken to reduce risks, responsible persons, and implementation deadlines.

Employee Training and Awareness Strategies

Can include:

  • Preparation of training materials
  • Interactive training sessions in the form of workshops and simulations (simulating real-life risk scenarios relevant to their roles) for responsible persons involved in the risk management process.
  • E-learning modules: Short and concise online modules that can be completed at the employees' own pace.
  • Internal communication campaigns: Using internal newsletters, intranet articles, and posters to highlight the importance of risk management and share success stories.

Periodical Risk Re-evaluation and Reporting

A comprehensive review of the entire Risk Register needs to be periodically performed to determine whether:

  • The risk management framework and processes are fit for purpose and consistent with the company's objectives and priorities.
  • Risks are managed in accordance with the Risk Register and corresponding Action Plans, as well as the predefined risk tolerance.
  • The probability, impact, or even the risk level has increased or decreased.
  • Risks have been eliminated or new risks have emerged.

The activities performed are similar to the risk identification and assessment phase.

Deliverables:

  • Updated Risk Register(s).
  • Development of Action Plans, where applicable.
  • Preparation of the Reassessment Report, to be presented to the Top Management.

Benefits:

  • Ensures that the risk management framework remains aligned with the company's changing environment and objectives.
  • Identifies new and emerging risks, allowing for proactive mitigation measures.
  • Provides assurance to Top Management that risks are being managed effectively.
  • Demonstrates commitment to good governance and risk management practices.

Risk Monitoring - Long-term cooperation

Monitoring activities are performed to intervene in situations such as:

  • Identification of significant internal changes: Any significant change within the company, its structure, departments, processes, or work systems, etc.
  • Identification of notable incidents: Any event or incident of any nature (e.g., cyber-attack, data breach, fraud, employee injury, etc.).
  • Adapting measures to changes: If any notable changes have occurred that require adjustments to the measures or even to the risk itself.
  • Identifying the external and internal context and emerging risks: Detecting changes in the external and internal context (economic, geopolitical, etc.) that may require reviewing treatments and reprioritizing risks.

Benefits of Collaboration

  • Reduced risk exposure: Proactive risk management helps reduce financial losses, reputational damage, and operational disruptions.
  • Improved decision making: Data-driven risk assessments and reports enable informed decision-making throughout the organization.
  • Enhanced compliance: My expertise will ensure compliance with relevant regulations (SR ISO 31000 standards and the COSO Enterprise Risk Management standard) and multiple industries' best practices.
  • Cost-effectiveness: My services offer a cost-effective alternative to hiring a large consulting firm.
  • Scalability: I can adapt my services to accommodate each company’s evolving needs and risk landscape.

©2024 Guardian Compass. All rights reserved.