Managing Enterprise Risk
Managing risk at the enterprise level requires the board and executive management to identify and manage those events that might stop an organisation from achieving its stated objectives.
From a practical viewpoint, within the Australian regulatory and corporate governance landscape, this means operating a risk management function within the context of a risk management framework. For Australian companies, and increasingly for international corporations, this means understanding and leveraging the International Standards Organisation's ISO 31000:2009 – Risk Management framework.
Our experience is centred on the ISO 31000:2009 – Risk Management framework. We have credible experience and practical methods for companies seeking to implement, align, improve or measure their risk management capabilities in the context of:
- ASX Principle 7: "Recognise and Manage Risk"
- APRA's Prudential Standard for General Insurers – GPS 220
- Board or executive directions for risk management capabilities, reporting and outcomes
At a practical level we advise boards, board risk committees and executive management as they seek to:
- Identify, analyse and validate strategic and operational risks
- Audit compliance with regulatory risk management requirements at a policy, framework and operational level
- Develop a roadmap, focus and momentum for implementation of risk management capabilities
- Build and embed a risk management culture through education and measurement
- Understand the gaps in current risk management capabilities
- Align and focus internal audit programs on key risk areas
- Improve reporting to board, management and assurance providers on risk management outcomes
- Identify and implement a risk management technology platform
- Embed risk management into the organisational practices and processes in an effective manner