An effective risk management strategy never slows an organisation down; it makes it go faster. The number of regulations one has to deal with on a daily basis is growing, and if past trends are anything to go by, that growth is likely to accelerate. Stakeholder, public and investor expectations regarding governance and compliance place an increasing reliance on internal audit to deliver high-quality, focused assurance.
Today, organisations face new, emerging risks across strategic, regulatory, financial and operational business processes. While ORCA recognises the risks in today’s complex business environment, we strongly believe that the principal challenge lies in identifying the major risks. Once identified, an effective risk management strategy will then provide oversight and guidance to ensure management has proper and effective controls and processes in place to eliminate or mitigate these.
The cornerstone of risk assessment and management is a sound control system. This should forward the organisational objectives of promoting reliability of reporting, the safeguarding of assets, compliance with laws and regulations, and efficiency of operations.
The starting block lies in helping organisations answer some key questions, such as:
- What are your key risks and how are they being managed?
- Do you have overlapping risk functions or gaps in coverage?
- What processes do you have in place to isolate key risks as they arise?
- What is the overall level of sophistication of your financial systems?
- How do you identify emerging risks?
- What is the organisation’s risk appetite and risk tolerance?
- How is your organisation addressing the impact of social media on its operations and people?
A rapid assessment of the answers to these questions allows us to integrate and improve risk controls. When assessing the controls within an organisation, we look at:
- The overall control environment, including key business intelligence systems
- Any significant deficiencies in accounting systems or personnel and how best to implement improvements
- Processes to test the integrity of new or revised systems
- Material deficiencies detected by external auditors and the design of a corrective timetable.
ORCA provides support to the Board in signing off on risk in full compliance with the requirements of the King Report on Corporate Governance as well as Combined Assurance.
Some elementary symptoms of governance fatigue to watch out for include:
- Immature risk management processes result in boards not focusing on key issues, or spending too much time on non-core issues
- Ineffective corporate governance results in the incorrect balance between executive and non-executive directors, with key business challenges therefore never seeing the light of day
- Inadequate controls and systems may result in wasted investment in new systems which fail to deliver the expected results.