IERP® No Comments

Corporate Culture and Risk Culture: The Chicken or The Egg?


Last week, the IERP held a Chief Risk Officer Networking Group (CRONG), where Mr. Khairul Azwa, director of risk and compliance at a prominent GLIC, spoke on his experiences developing the risk culture in his organization. With a background in banking, he had started as a treasury dealer, eventually going on to become a risk manager at one of the GLICs in Malaysia. One of the challenges that he faced was setting a new risk management department from scratch. A task that he gave himself three to five years to develop. At the company, he noticed two traits that were ingrained in their DNA, firstly they have a strong culture of service and secondly, they cannot afford to make mistakes as that will have repercussions on not only the company, but also on careers, stakeholders and the country. Read more

IERP® No Comments

Top 10 Skills for Succeeding in Enterprise Risk Management

Many have the impression that risk managers just focus on the technical aspects of risk. While the technical is important, it is just one of the aspects in Enterprise Risk Management (ERM). There are many skills needed to succeed in ERM but it is not just about number crunching, ‘challenging’ others, validating internal controls, any form of internal or external auditing, or EHS specialism. ERM is not all about identifying risk either. During our Tea Talk on 16 October, Mr. Ramesh Pillai, IERP® Chairman of the Board of Governors, spoke on the importance of EQ and soft skills in ERM. EQ and soft skills, while often vastly underrated, are what will differentiate the experienced, effective risk managers from the average ones.

These are the top 10 EQ and soft skills a Risk Manager or Risk Practitioner needs in order to succeed in Risk Management: Read more

IERP® No Comments

Creating Value out of Enterprise Risk Management

At our Tea Talk session on 12th September, IERP® faculty member Zaffarin Zanal gave a featured talk on Creating Value out of ERM. Zaff started off by stating that—to strong murmurs of agreement across the room of risk practitioners—implementing ERM is hard.  The typical difficulty with implementing ERM is that while risk professionals understand the value for ERM, the top management (as well as the rest of the organization) might not readily see its value. Zaff noted that when something has perceived value, psychologically there is a ‘pull factor’ to it. It doesn’t require much forceful selling (the ‘push  factor’).

He shared that from the results of a 2017 ERM Benchmark Survey which showed that whilst enterprise risk management is a ‘popular’ framework being implemented in organizations, management and line managers are still quite resistant to it. The challenge lies in establishing that pull factor when risk management is so often seen as tedious, bureaucratic, and expensive. To treat this particular ‘acceptance risk’, it is important to understand the potential causes. Read more

IERP® No Comments

Is there Practical Use to the Statement on Risk Management and Internal Control (SORMIC)?

In Malaysia, the Statement on Risk Management and Internal Control (SORMIC) is a requirement from the Securities Commission, in accordance with the Malaysian Code of Corporate Governance (MCCG) 2017. On 14th September 2018, a Tea Talk was held at the IERP® International Secretariat, featuring a presentation crafting an effective and practical SORMIC – by Mr. Ramesh Pillai, Group Managing Director of Friday Concepts Risk Consulting.

The MCCG and Defining “Risk Management”

Speaking on the MCCG 2017 as a guidance document for the SORMIC, Pillai notes that its main contributors/authors were auditing/accounting bodies; there were no contributions by risk practitioners. He drew attention to Principle B in the MCCG, where the Intended Outcome of a Risk Management and Internal Control Framework is that:

“Companies make informed decisions about the level of risk they want to take and implement necessary controls to pursue their objectives.

The board is provided with reasonable assurance that adverse impact arising from a foreseeable future event or situation on the company’s objectives is mitigated and managed.” Read more

IERP® No Comments

Global Conference Highlight: Using Enterprise Risk Management as a Strategic Tool

A common excuse given by those who are not convinced of the use of risk management is that there is ‘no time’ for it, especially if management often has to make quick decisions. However, Leonard Ariff Abdul Shatar, Group Managing Director of CCM Duopharma Biotech, notes that many mistakes (and the subsequent costs) could have been avoided if additional thought and effort had been put in. As a public-listed company, it’s a requirement for CCM to have a risk management function. For CCM Duopharma Biotech, risk management was split up as it was thought that the audit function was overshadowing it.

At CCM Duopharma Biotech, Leonard Ariff faced the monumental task of reshaping the business to resolve issues relating to ageing products as well as ageing assets. A key part of the strategy was to move into biosimilar medicine, which is medicine that is highly similar to their reference product (distinct from generics, which are exactly identical to their reference product). In order to build the capabilities required of this endeavor, the company needed to establish partnerships with companies already in the field — CCM had concluded that building in-house capabilities would take 8-9 years. Read more

IERP® Team No Comments

Distinguishing Between ERM and ORM Approaches

On May 4, over 20 professionals from across industries attended a Tea Talk session at the IERP® International Secretariat. Our keynote speaker for this session was Mr. Ramesh Pillai, Chairman of the Board of Governors of the IERP® and Group Managing Director of Friday Concepts, an ERM, GRC, and BCM boutique consultancy. Speaking on distinguishing between Enterprise Risk Management (ERM) and Operational Risk Management (ORM) approaches, he aimed to dispel common misconceptions of the two related but different approaches.

He noted that more attention has been placed on Operational Risk as of late as a result of geopolitical volatility and technological disruptions. The possible escalation of conflict and the deterioration of interstate ties, for example, are genuine concerns that would have far-reaching effects across the interconnected global economy. With a large range of risk factors to consider, an organization can face up to thousands of risks at a time, most of which are constantly changing and need to be re-evaluated as such. In such an environment, it is essential that risk management moves from a siloed approach towards a more integrated and dynamic one. Read more