IERP® No Comments

What’s all the fuss about?

What’s all the fuss about?

As a form of crisis management, business continuity management (BCM) has evolved since the 1970s in response to the technical and operational risks that threaten an organisation’s recovery from hazards and interruptions. All business ventures have hazards and disruptive factor with which to contend. All manner of disasters can and do happen which can lead to loss of confidence by clients and customers further compounded by the fact that competitors may take advantage of your misfortunes. Often production and even data systems would have been disrupted leading to huge losses for stakeholders, employees and even to the community. Read more

IERP® No Comments

The True Value of Business Continuity – A Paradigm Shift from ROI to VOI

The True Value of Business Continuity –
A Paradigm Shift from ROI to VOI

We jump-started 2019 with our first tea talk of the year by Mr. Allan Lee, Director of Consulting Services at Friday Concepts (International) as well as Head of the BCM Faculty at IERP, who spoke on the value of business continuity management (BCM) through the lens of Value on Investment (VOI). VOI helps measure the total value of “soft” or intangible benefits derived from continuity initiatives in addition to those “hard” benefits measured by ROI. Its approach is critical to allow funding for continuity planning efforts that provide the competitive differentiation necessary in today’s dynamic business landscape.

Business continuity is defined as getting your business up and running at the quickest time possible, with minimal losses to your business. Mr. Allan highlighted current perceptions concerning BCM. According to The Resilience Gap Report 2017, even though 96% of those surveyed believed that business resilience SHOULD BE a core element of their company’s overall business strategy, only 54% claim that business resilience is a focus. This statistic proves that although BCM is recognized among businesses it is not comprehensively integrated and practiced by organisations as intended because BCM does not support a strong ROI.

Read more

IERP® No Comments

Corporate Culture and Risk Culture: The Chicken or The Egg?

Corporate Culture and Risk Culture: The Chicken or The Egg?


Last week, the IERP held a Chief Risk Officer Networking Group (CRONG), where Mr. Khairul Azwa, director of risk and compliance at a prominent GLIC, spoke on his experiences developing the risk culture in his organization. With a background in banking, he had started as a treasury dealer, eventually going on to become a risk manager at one of the GLICs in Malaysia. One of the challenges that he faced was setting a new risk management department from scratch. A task that he gave himself three to five years to develop. At the company, he noticed two traits that were ingrained in their DNA, firstly they have a strong culture of service and secondly, they cannot afford to make mistakes as that will have repercussions on not only the company, but also on careers, stakeholders and the country. Read more

IERP® No Comments

Top 10 Skills for Succeeding in Enterprise Risk Management

Top 10 Skills for Succeeding in Enterprise Risk Management

Many have the impression that risk managers just focus on the technical aspects of risk. While the technical is important, it is just one of the aspects in Enterprise Risk Management (ERM). There are many skills needed to succeed in ERM but it is not just about number crunching, ‘challenging’ others, validating internal controls, any form of internal or external auditing, or EHS specialism. ERM is not all about identifying risk either. During our Tea Talk on 16 October, Mr. Ramesh Pillai, IERP® Chairman of the Board of Governors, spoke on the importance of EQ and soft skills in ERM. EQ and soft skills, while often vastly underrated, are what will differentiate the experienced, effective risk managers from the average ones.


These are the top 10 EQ and soft skills a Risk Manager or Risk Practitioner needs in order to succeed in Risk Management:
Read more

IERP® No Comments

Creating Value out of Enterprise Risk Management

Creating Value out of Enterprise Risk Management

At our Tea Talk session on 12th September, IERP® faculty member Zaffarin Zanal gave a featured talk on Creating Value out of ERM. Zaff started off by stating that—to strong murmurs of agreement across the room of risk practitioners—implementing ERM is hard.  The typical difficulty with implementing ERM is that while risk professionals understand the value for ERM, the top management (as well as the rest of the organization) might not readily see its value. Zaff noted that when something has perceived value, psychologically there is a ‘pull factor’ to it. It doesn’t require much forceful selling (the ‘push  factor’).

He shared that from the results of a 2017 ERM Benchmark Survey which showed that whilst enterprise risk management is a ‘popular’ framework being implemented in organizations, management and line managers are still quite resistant to it. The challenge lies in establishing that pull factor when risk management is so often seen as tedious, bureaucratic, and expensive. To treat this particular ‘acceptance risk’, it is important to understand the potential causes. Read more

IERP® No Comments

3 Benefits of Developing Emotional Intelligence as an Enterprise Risk Practitioner

3 Benefits of Developing Emotional Intelligence as an Enterprise Risk Practitioner

In implementing enterprise risk management in your organisation, people will be your most important resource. It doesn’t matter whether you are seeking to establish or support enterprise risk management in your organisation, making strategic decisions for your company, or managing the talent.  Establishing a good network of working relationships is essential to your success as a risk practitioner, and developing your emotional intelligence is what will enable you to influence top decisions and culture in your organisation – without using overly aggressive, fear-based tactics.

Emotional intelligence is more than just being a decent human being (though some have trouble with that, too). It is the ability to understand emotions, both yours and others’, so that you can manage your behaviour and have healthy connections with others. Some are predisposed to having more emotional intelligence than others. However, it is a set of skills that can be developed and improved upon to the benefit of your career growth as well as your job effectiveness. Read more

IERP® No Comments

Is there Practical Use to the Statement on Risk Management and Internal Control (SORMIC)?

Is there Practical Use to the Statement on Risk Management and Internal Control (SORMIC)?

In Malaysia, the Statement on Risk Management and Internal Control (SORMIC) is a requirement from the Securities Commission, in accordance with the Malaysian Code of Corporate Governance (MCCG) 2017. On 14th September 2018, a Tea Talk was held at the IERP® International Secretariat, featuring a presentation crafting an effective and practical SORMIC – by Mr. Ramesh Pillai, Group Managing Director of Friday Concepts Risk Consulting.

The MCCG and Defining “Risk Management”

Speaking on the MCCG 2017 as a guidance document for the SORMIC, Pillai notes that its main contributors/authors were auditing/accounting bodies; there were no contributions by risk practitioners. He drew attention to Principle B in the MCCG, where the Intended Outcome of a Risk Management and Internal Control Framework is that:

“Companies make informed decisions about the level of risk they want to take and implement necessary controls to pursue their objectives.

The board is provided with reasonable assurance that adverse impact arising from a foreseeable future event or situation on the company’s objectives is mitigated and managed.” Read more

IERP® Team No Comments

Distinguishing Between ERM and ORM Approaches

Distinguishing Between ERM and ORM Approaches

On May 4, over 20 professionals from across industries attended a Tea Talk session at the IERP® International Secretariat. Our keynote speaker for this session was Mr. Ramesh Pillai, Chairman of the Board of Governors of the IERP® and Group Managing Director of Friday Concepts, an ERM, GRC, and BCM boutique consultancy. Speaking on distinguishing between Enterprise Risk Management (ERM) and Operational Risk Management (ORM) approaches, he aimed to dispel common misconceptions of the two related but different approaches.

He noted that more attention has been placed on Operational Risk as of late as a result of geopolitical volatility and technological disruptions. The possible escalation of conflict and the deterioration of interstate ties, for example, are genuine concerns that would have far-reaching effects across the interconnected global economy. With a large range of risk factors to consider, an organization can face up to thousands of risks at a time, most of which are constantly changing and need to be re-evaluated as such. In such an environment, it is essential that risk management moves from a siloed approach towards a more integrated and dynamic one.

Read more