Arshad

Risk Culture: What Drives It?

It may be just one word but it comes with many definitions. Risk means different things in different corporate cultures, so it really helps to understand as wide a range of cultures as possible. The wider your horizons, the better your understanding of what makes people tick, and knowing what drives them is imperative to helping them realise their full potential – which ultimately benefits the business. But the most important culture to understand is the one you have to operate in here and now, and getting a handle on your organisational culture is a prerequisite to making it work for you.

Arshad

Corporate Ethics: The Organisational-Individual Overlap

One needs personal integrity to be able to act in an ethical manner. More often than not, situations which require ethical judgement are the hardest to identify, manage or mitigate.

The principles of ethics can be taught but ethical behaviour can only be developed over time, and provided there is the desire to do the right thing from the very beginning. It helps to have strict guidelines initially but at the end of the day, the consequences and repercussions of a strict ethics-oriented decision can sometimes be hard to live with. There is always the possibility that the wrong decision was made, but the ones with the worst consequences may be avoided if careful thought is given to defining the dilemma accurately (or as accurately as possible), given the constraints at that moment in time.

IERP®

5 Reasons to Get Certified as an Enterprise Risk Manager

As risk management is a relatively young discipline without an identifiable career path, those who forge a path in their respective industries can provide both their career and organization with a competitive advantage. Some wonder whether going through a certification program is worth the time and effort, but here are five reasons to consider:

The high demand for talent in the field
Though every organization can benefit from a robust risk function, it’s often only regulated sectors such as banking and insurance that will have established one. At the same time, risk management is increasingly becoming formalised and integrated. Organizations see the need for risk management in order to keep up with changing economic and market needs, but leaders are finding it hard to find the right talent to take up the challenge of implementing risk management best practices. Thus, being certified as having a set of skills and knowledge will help you stand out to prospective employers.

IERP®

4 Considerations for Fraud Risk Management

Corporate fraud is a tale as old as time. The total costs of a fraud attempt and the complete set of risks facing a financial institution in the aftermath of a fraud attack often go far beyond the fraud losses themselves. That is, organizations must also account for legal costs, investigation costs, reputational risks, as well as eroded confidence and customer loss. An effective fraud framework will include prevention, detection, and deterrence. Organizations often focus on prevention and detection and neglect fraud deterrence, which involves proactive rather than reactive measures. Given the high occurrence and costs of fraud, both financial and reputational, organizations with successful fraud management frameworks in place could have an edge over competitors.

With billions of dollars that can be lost due to fraud, organizations are increasingly concerned with fraud risk management, looking towards a more proactive approach rather than a compliance-driven one. Read on for four important considerations in fraud risk management:

IERP®

Environmental Risks and Business Continuity Management

The World Economic Forum has named climate and other environmental risks as a top global risk for seven consecutive years. At the same time, leaders at both state and business levels have generally failed to build the sustainability, resilience, and agility needed to handle environmental threats.

According to a 2016 report by ClimateWise, there is a widening gap between insured losses and total economic losses from climate-related natural catastrophes. In 2015, this gap was more than USD 100 billion. Both countries and businesses do not completely understand their risk exposures and thus are inadequately prepared for adverse events.

IERP®

4 Ways Risk Management has Evolved

In response to a changing global economy as well as to regulatory and customer demands, risk management has evolved from a reactive and independent function, to one that is increasingly connected to strategic decision-making, with its own developing standards and best practices. In short, risk management has undergone considerable development: broadening its scope from just credit, market, and operational issues. Enterprise Risk Management (ERM) is currently the most advanced iteration of risk management, and seeks to improve on conventional approaches while taking into account current and future needs.

IERP®

Cybersecurity Oversight in the Boardroom

A little more than a year ago, Equifax disclosed to the public that it had experienced a cyberattack, during which hackers stole the names, Social Security numbers, birthdates, and addresses of 147.7 million Americans – more than half the US population. Since then, other major data breach incidents have been reported worldwide, involving—among many other entities—Facebook, fitness tracking app Strava, Adidas, Under Armour, and identification authority Aadhaar (compromising the personal information of all 1.1 billion Indian citizens registered under its service).

By now, it should go without saying that cybersecurity is not just an IT issue. Cybersecurity requires enterprise-wide awareness and effort. Cyberattacks hurt a company’s reputation and can cost you the trust of your customers and suppliers: it can be difficult to shake off the public view that your organization is unreliable or inefficient.


IERP®

Business Impact Analysis: 5 Tips for Accuracy

A Business Impact Analysis is a critical component of a Business Continuity Management framework – required to understand the organization’s interdependencies and full range of operational complexities.

The goal of a Business Impact Analysis (BIA) is to identify the crucial business functions that will be affected in the event of a natural or man-made disaster. BIA findings allow leaders to set up recovery priorities, plan out recovery strategies, allocate the appropriate resources, and determine important metrics such as Recovery Time Objectives (RTO), a measure of the maximum time within which business functions should recover as close to normal during disaster recovery.

IERP®

Global Conference Highlight: Using Enterprise Risk Management as a Strategic Tool

A common excuse given by those who are not convinced of the use of risk management is that there is ‘no time’ for it, especially if management often has to make quick decisions. However, Leonard Ariff Abdul Shatar, Group Managing Director of CCM Duopharma Biotech, notes that many mistakes (and the subsequent costs) could have been avoided if additional thought and effort had been put in. As a public-listed company, it’s a requirement for CCM to have a risk management function. For CCM Duopharma Biotech, risk management was split up as it was thought that the audit function was overshadowing it.

At CCM Duopharma Biotech, Leonard Ariff faced the monumental task of reshaping the business to resolve issues relating to ageing products as well as ageing assets. A key part of the strategy was to move into biosimilar medicine, which is medicine that is highly similar to its reference product (distinct from generics, which are exactly identical to their reference product). In order to build the capabilities required for this endeavor, the company needed to establish partnerships with companies already in the field — CCM had concluded that building in-house capabilities would take 8-9 years.

IERP®

Towards an Objective-Centric Approach to Risk Management

With Enterprise Risk Management becoming increasingly institutionalized, global best practices are continually under revision as international standards-setting bodies such as ISO or COSO seek to improve on ERM methods and guidelines. A core development in recent years has been the recognition that an objective-centric approach to ERM yields greater outcomes compared to the traditional taxonomy approach. At the same time, the constant evolution of ERM practices means that there is often a gap where organizations are slow to correct outdated methodologies – due to the complexity and resources required to change existing processes, structures, and culture.

Conventional risk management is based on taxonomies, which create an often inductive process for risk assessment. Risk is identified and aggregated into a static and ‘stable’ set of categories, then prioritized according to likelihood and impact. The limitation to this approach is that risk is not stable. While taxonomies allow for a certain level of customization across different business units, their success and efficiency are predicated on the use of a standard and somewhat rigid set of categories and shared language – ultimately ineffective for large corporations facing wide-ranging risk complexities.