Case Study: Risk Management Services Supporting Sustainable Growth and Operational Resilience

Background on Case Study Risk Management Services

An authorised financial services organisation in a competitive dynamic environment was witnessing a high rate of expansion in many areas of its business. Since the organisation had increased its product offerings, client base, and operational geographic area, the senior management realised that the current risk management practices could no longer sustain the increased scale and complexity of operations.

Although the risk issues were considered on the operational level, no single enterprise-wide risk management structure was implemented. Risk identification, assessment and mitigation efforts were done in a patchy manner across the departments and this hampered the efforts by the management to get a consolidated picture of risk exposures of the key forms of risks.

The organisation has contracted our Risk Management Services to design and execute a systematic, proportionate, and scalable risk management framework to increase governance and decision support to enhance long-term sustainability in the best-practice and regulatory anticipations.

Issues and Challenges

The organisation had experienced some of the interrelated risk management issues that are of concern to expanding and controlled organisations.

Broken risk ownership was one of them. Risks were dealt with separately in different teams, which led to the inconsistency of the definition of risks, duplication of controls, and ambiguity on accountability. This complicated risk interdependency comprehension and prioritisation of mitigation by the senior management.

There was also a problem of poor visibility of risk. The management did not have a clear picture of the solutions to critical strategic, operational, financial, and compliance risks in the organisation, as no structured risk register or standardised methodology of assessment existed.

Complexity was also caused by regulatory expectations. Being a controlled body, the organisation was supposed to exhibit sound governance of risk, good internal controls and active risk management. These expectations were not consistently and formally addressed in the practices that existed.

Another issue was the operational resilience. There had also been an increase in business continuity, dependence on technology, and dependence on third parties, but risk assessment in these fields were not done in systematized ways.

Lastly, the organisation aimed at instilling risk awareness without causing excessive bureaucracy. The management required a risk management system that would not interfere with expansion and innovation, but instead facilitate making commercial decisions.

Objectives

The main aim of the engagement was to create a holistic and realistic risk management framework that will be able to sustain the growth of the organisation and comply with the requirements of the governance and regulatory environment.

In particular, it was the target of the organisation to:

• Establish a methodology of risk identification and evaluation.
• Define risk ownership and responsibility in the organisation.
• Improve management control by improving risk reporting.
• Enhance internal controls and reduction measures.
• Instill the risk awareness in the strategic and operational decisions.

The involvement was aimed at developing a balanced system that could grow as the organisation grows in scale and complexity.

How We Helped

We took a systematic and feasible approach to risk management advisory, which is customized to the business model of the organisation, regulatory environment and expansion goals.

We have started with a risk landscape assessment. In collaboration with the top management and major stakeholders, we were able to determine strategic, operational, financial, compliance, and reputational risks that were applicable to the operations of the organisation. This process made the process of risk identification all inclusive and consistent with the actual operations in the real world.

We have then devised a standardised risk assessment methodology, which includes the articulate definitions of risk likelihood, impact, and tolerance. This not only made risks to be evaluated on a similar basis across business units, but made it possible to compare and prioritize them meaningfully.

According to this methodology, we helped to create a risk register at the enterprise level. Ownership of each risk was clearly identified, any existing control was recorded and the remaining risk was determined. This gave the management a consolidated picture of the important risk exposures.

The engagement was much concerned about governance and oversight arrangements. Our advice was on the risk governance structures such as risk committees at the management level, escalation process, reporting lines to the top leadership or the board.

We also assisted in the increase of risk mitigation and control structures. This involved revising and enhancing policies, procedures, and internal controls associated with high-priority risk areas of operational resilience, third-party risk, compliance risk, and financial controls.

We helped in the design of sensible risk reporting templates and key risk indicators to aid in the continuous monitoring of risks. These instruments helped the management to monitor the risk patterns, the cropping up problems, and the efficiency of the mitigation strategies in the long run.

During the engagement, we put a great focus on the integration of risk awareness into the day to day operations. This involved consultancy on the inclusion of risk factors in strategic planning, project approvals, and decision-making processes.

Value Delivered

The case study demonstrates the way professional Risk Management Services could empower organisations to become resilient in their operations, improve governance, and make informed decisions.

The engagement also assisted the organisation to shift its risk practices that were disjointed to integrated enterprise-wide practices through a systematic and proportional strategy. The management had better visibility on critical risk exposures, enhanced accountability, and better confidence in handling uncertainty.

The risk management framework that was created in this engagement offered a scalable base to spread in the future due to the continued growth, regulatory demands, and the resilience of organisations.