Risk Management
Author:
John Moody
[Excerpt] In late 2001, Andersen Dublin completed a detailed survey of risk management practices in Ireland's leading organisations. The purpose of the survey was to review current practice in relation to risk management and Internal Audit and identify trends for the future. The information for the survey was supplied by organisations via a comprehensive questionnaire created specifically for the purpose.
This article summarises the results of the survey and is intended to provide a balanced overview of risk management and Internal Audit in Ireland's leading organisations, considering the current status, anticipated trends and perceived opportunities and challenges for these functions.
In particular, given recent developments in the banking industry and the Central Bank's request for every bank in Ireland to conduct an independent verification of their risk management and control procedures, these areas are coming under ever greater scrutiny and the findings of this survey should be of wide interest to the management and directors of most organisations.
In our view, best practice Enterprise Wide Risk Management (EWRM) is a structured and strategic discipline. It aligns people, process, technology, and knowledge in order to evaluate and manage the risks and uncertainties an organisation faces. Our survey indicates that organisations across all sectors of industry have developed a formalised risk management process to some degree. However, all respondents have indicated that their risk management frameworks need to be strengthened over the next three years. In particular, increased formality is required in relation to defining organisations' risk management strategy, goals, and policies and procedures.
Risk management departments are expected to become broader in terms of the scope of their activities. They are expected to expand to include such areas as managing business, insurance, IT, treasury, operational, environmental and ethical risks. This finding is consistent with our global research in the area of Enterprise Wide Risk Management where the most progressive of organisations are moving towards an approach to risk management that is holistic and pervasive throughout the organisation. However, respondents do not feel that their current activities in the various areas of risk management are particularly effective, and in addition they do not anticipate significant improvement over the next three years. This must be extremely worrying for management and indicates that urgent action is called for to drive the necessary improvements.
In the short term our survey indicates that respondents need to strengthen their risk management capabilities and performance in the following areas:
â?¢ developing risk models for their organisations and using other risk management techniques and tools, such as workshops, risk scoring and voting, and risk maps;
â?¢ developing capabilities to source and prioritise risks;
â?¢ embracing risk avoidance stratagems rather than placing reliance on retaining and reducing the risks that are found;
â?¢ increasing the use of benchmarking and external information;
â?¢ developing the supporting information systems and being able to measure aggregate risk performance;
â?¢ and, on an overall basis, risk management activities need to be further embedded within the organisations' processes, and further integrated into the organisations' overall strategy.
Accountancy Ireland Vol 34 No 3 June 2002