Futureproof organisations need to identify, understand and address their risks and, if possible, turn them into opportunities
For any type or size of organisation, sound management with strong strategic and operational decision making requires a tailored risk management approach. After all, successfully defining and realizing strategic objectives depends on the timely identification and mitigation of the related inherent risks.
Guided by the COSO framework (Committee of Sponsoring Organisations of the Treadway Commission), providing standards on Enterprise Risk Management (ERM 2017), we help our clients to set up a tailored, cost-effective risk management approach. Often we address the risks in categories such as strategical, operational, compliance, financial and reputational. Not only do we ensure that the client has a good view on the organization’s risk landscape, we also ensure that a risk policy and methodology is implemented to ensure that the risks are effectively managed at the right level in the organization.
How Grant Thornton can help you
To help our clients to set-up or enhance their maturity in risk management, the following elements can be taken into consideration:
- developing a risk management policy and methodology, based on the organization’s risk appetite and risk tolerance
- adding a risk assessment approach to the strategic decision making process and a risk management approach to key risks in view of the realization of strategic objectives
- defining the functions involved in the monitoring, management and reporting on risks (roles and responsibilities)
- preparing the organization’s risk landscape and mitigation strategy for top risks (e.g. top 10). We can do this by conducting interviews or facilitating risk workshops to identify key risks, assess their impact and likelihood and assist in developing an action plan
- avaluating the existence and effectiveness of different assurance providers within risk management (e.g. through assurance mapping and the IIA three lines model)
- avaluating the adequacy and effectiveness of the existing risk management approach.