Coordinating risk management around risks that matter – The value of assurance


A hazard can be anything – whether work materials, equipment, work methods or practices – that has the potential to cause harm.


A risk is the chance, high or low, that somebody may be harmed by the hazard.

Risk assessment

Risk assessment is the process of evaluating risks to workers’ safety and health from workplace hazards. It is a systematic examination of all aspects of work that considers:

  • what could cause injury or harm;
  • whether the hazards could be eliminated and, if not,
  • what preventive or protective measures are, or should be, in place to control the risks.


Risk management is not the responsibility of a single department — it is the responsibility of everyone, from the chief executive down. Past corporate failings have been attributed to lack of accountability, strategy and transparency.

Tougher expectations by regulators and other stakeholders now mean that corporates and financial institutions should demonstrate better discipline, control and responsibility. Failure to keep on top of and comply with existing and emerging regulation could jeopardize reputations and livelihoods. How robust is your governance, risk and compliance program?

Financial risks have probably never been more acute. Capital reserves, credit portfolios, investment policies and capital and debt profiles all demand constant scrutiny to adequately manage and mitigate risk.

Companies should also be vigilant about risks presented by suppliers. A counterparty who defaults on a contract, or whose business collapses, can have serious financial and reputational ramifications for connected parties.

Fraud risks can also increase when cash is tight. Some employees become more opportunistic — and external hackers more resourceful. They find security lax in areas of the business that used to be better resourced … and they strike. Are your systems and policies sufficiently robust to ward off the risk of fraud?

At the same time, many companies are more likely to pursue litigation for losses that they would otherwise endure in more prosperous times. Disputes arise as they seek to apportion blame to other parties for inappropriate or negligent behavior that results in financial or business loss. Could you end up as instigator or defendant in a litigation case?

With all these demands, internal audit is in many companies elevated from pure compliance to a function that regularly reviews the risk profile for emerging risks and identifies trends as it keeps its finger on the pulse of business performance. The chief risk officer, meanwhile, becomes increasingly involved in strategic decision-making where the emphasis is as much on risk as it is on growth.

The main objective of risk management, which depends largely on the willingness to take risk and the expected rate of return, is to reduce losses and increase the revenues or margins of the company.

A systematic approach to managing risks is the key to success

Risk is an inevitable part of business. When making business decisions, entities should be aware of the risk associated with each decision. Most entities have this awareness. The only question is how consciously they take appropriate steps to mitigate the risk, so that the decisions made produce the desired effect for the company. The solution may be to implement a comprehensive risk management process: a system based on a systematic approach to the identification, categorization, evaluation and proactive optimization of all risk groups facing the company, in order to create company value.

Quite often risk cannot be eliminated entirely

According to commonly accepted definitions, risk may be defined as a combination of the likelihood of an event and its impact, which may positively or negatively affect the achievement of business goals and the execution of a business strategy. Knowing the estimated likelihood and impact of an event gives the opportunity to take appropriate actions to mitigate the risk. In this respect, risk should be considered both as inherent risk and as residual risk, that is, the risk that is still real after the application of possible or partial control measures and best practices in dealing with it, taking into account the cost component.

Boards need assurance that the risk culture in the organisation is robust and that risks are being managed effectively. This is particularly important following the financial and economic crisis and a series of scandals across other sectors. These risks include not only financial and operational risks but also IT, social, environmental, ethical and regulatory risks, to name but a few.

Risk committees and separate risk functions are required by regulation in some sectors, notably financial services. In others, where risks are complex or high, separate oversight of the executive’s risk management structures and activities may still be essential. A firm commitment by the organisation’s leaders to risk management through the creation of a risk function can ensure there is adequate professional expertise to maintain and develop best practice, sending a clear message to managers at all levels that they need to take responsibility for mitigating risk.

In all cases it is important that boards consider how they receive assurance on risk across their organisations from all sources, both internal and external, and ensure that there are no gaps or overlaps.