IERP®

The True Value of Business Continuity – A Paradigm Shift from ROI to VOI

We jump-started 2019 with our first tea talk of the year, given by Mr. Allan Lee, Director of Consulting Services at Friday Concepts (International) and Head of the BCM Faculty at IERP, who spoke on the value of business continuity management (BCM) through the lens of Value on Investment (VOI). VOI helps measure the total value of “soft” or intangible benefits derived from continuity initiatives, in addition to the “hard” benefits measured by ROI. This approach is critical to securing funding for continuity planning efforts that provide the competitive differentiation necessary in today’s dynamic business landscape.

Business continuity is defined as getting your business up and running in the shortest time possible, with minimal losses to your business. Mr. Allan highlighted current perceptions concerning BCM. According to The Resilience Gap Report 2017, even though 96% of those surveyed believed that business resilience SHOULD BE a core element of their company’s overall business strategy, only 54% claim that business resilience is a focus. This statistic proves that although BCM is recognized among businesses, it is not comprehensively integrated and practiced by organisations as intended, because BCM does not support a strong ROI.

IERP®

Corporate Culture and Risk Culture: The Chicken or The Egg?

Last week, the IERP held a Chief Risk Officer Networking Group (CRONG), where Mr. Khairul Azwa, director of risk and compliance at a prominent GLIC, spoke on his experiences developing the risk culture in his organization. With a background in banking, he had started as a treasury dealer, eventually going on to become a risk manager at one of the GLICs in Malaysia. One of the challenges that he faced was setting up a new risk management department from scratch, a task for which he gave himself three to five years. At the company, he noticed two traits that were ingrained in their DNA: firstly, they have a strong culture of service, and secondly, they cannot afford to make mistakes, as that will have repercussions not only on the company but also on careers, stakeholders and the country.

IERP®

Creating Value out of Enterprise Risk Management

At our Tea Talk session on 12th September, IERP® faculty member Zaffarin Zanal gave a featured talk on Creating Value out of ERM. Zaff started off by stating, to strong murmurs of agreement across the room of risk practitioners, that implementing ERM is hard. The typical difficulty with implementing ERM is that while risk professionals understand the value of ERM, top management (as well as the rest of the organization) might not readily see its value. Zaff noted that when something has perceived value, psychologically there is a ‘pull factor’ to it. It doesn’t require much forceful selling (the ‘push factor’).

He shared results from a 2017 ERM Benchmark Survey, which showed that whilst enterprise risk management is a ‘popular’ framework being implemented in organizations, management and line managers are still quite resistant to it. The challenge lies in establishing that pull factor when risk management is so often seen as tedious, bureaucratic, and expensive. To treat this particular ‘acceptance risk’, it is important to understand the potential causes.

IERP®

Is there Practical Use to the Statement on Risk Management and Internal Control (SORMIC)?

In Malaysia, the Statement on Risk Management and Internal Control (SORMIC) is a requirement from the Securities Commission, in accordance with the Malaysian Code of Corporate Governance (MCCG) 2017. On 14th September 2018, a Tea Talk was held at the IERP® International Secretariat, featuring a presentation on crafting an effective and practical SORMIC by Mr. Ramesh Pillai, Group Managing Director of Friday Concepts Risk Consulting.

The MCCG and Defining “Risk Management”

Speaking on the MCCG 2017 as a guidance document for the SORMIC, Pillai noted that its main contributors/authors were auditing/accounting bodies; there were no contributions by risk practitioners. He drew attention to Principle B in the MCCG, where the Intended Outcome of a Risk Management and Internal Control Framework is that:

“Companies make informed decisions about the level of risk they want to take and implement necessary controls to pursue their objectives.

The board is provided with reasonable assurance that adverse impact arising from a foreseeable future event or situation on the company’s objectives is mitigated and managed.”

IERP® Team

Distinguishing Between ERM and ORM Approaches

On May 4, over 20 professionals from across industries attended a Tea Talk session at the IERP® International Secretariat. Our keynote speaker for this session was Mr. Ramesh Pillai, Chairman of the Board of Governors of the IERP® and Group Managing Director of Friday Concepts, an ERM, GRC, and BCM boutique consultancy. Speaking on distinguishing between Enterprise Risk Management (ERM) and Operational Risk Management (ORM) approaches, he aimed to dispel common misconceptions about the two related but different approaches.

He noted that more attention has been placed on Operational Risk of late as a result of geopolitical volatility and technological disruptions. The possible escalation of conflict and the deterioration of interstate ties, for example, are genuine concerns that would have far-reaching effects across the interconnected global economy. With a large range of risk factors to consider, an organization can face up to thousands of risks at a time, most of which are constantly changing and need to be re-evaluated accordingly. In such an environment, it is essential that risk management moves from a siloed approach towards a more integrated and dynamic one.
