12.07.2015 Views

Risk Advisory Services - Enterprise Risk Management - BDO Canada


www.bdo.ca/RAS

Risk Advisory Services

Enterprise Risk Management

Achieving organizational success through ongoing risk management strategies

The changing landscape of the business world has led to the implementation and establishment of strict regulatory requirements. Companies now find themselves encountering new corporate governance and financial reporting challenges which are causing them to view company-wide risk from a different perspective.

As a result, these changes require both public and private companies to re-evaluate all of the possible risks that could threaten their viability or success. Thus, enterprise risk management (ERM) strategies and best practices are quickly ascending to the top of many corporate agendas.

What is ERM?

ERM is a general, ongoing operational assessment which identifies potential risks that could prevent a company from meeting its strategic goals and objectives. It is an initiative that delves deeper than a basic risk assessment; because it is continuous in nature, it helps to provide an organization with the flags and markers it needs to keep it on course, steering it away from potential trouble.

As the size, structure and nature of businesses differ, so do organizational ERM needs. However, a common thread runs through businesses both big and small: all organizational divisions are responsible for mitigating risks in their area of business using strategies and processes outlined by the company’s main risk management team. Doing this means the company will be able to not only mitigate risk, but proactively manage inherent risks which could drive the organization to new heights of success.

In regards to ERM strategy and focus, organizations will typically fall into one of two categories: those which implement a complete, all-encompassing program, or those which choose to implement elements of ERM on an ad hoc basis. Both offer significant benefits and repercussions which must be carefully assessed and evaluated prior to any form of implementation. Whichever path you choose, make sure it is the right course of action for your organization; it should help your business meet critical goals and objectives and steer your company towards success.

Benefits of a formal ERM strategy

• Creates a culture of risk awareness within the organization
• Enables better business performance
• Promotes achievement of goals and objectives
• Strengthens the internal controls structure
• Establishes accountability for goals and objectives as well as risk mitigation

Disadvantages of a formal ERM program

• Over-engineering of risk assessments and risk response
• Possible risk paralysis
• Competing priorities for risk prioritization
• Over-reliance on ERM results

Benefits of an ad hoc ERM approach

• Clear roles and responsibilities
• Offers a specific focus – insurable or financial risks
• Easy to understand and plan for

CONTACT BDO

National
Sam Khoury, 416 369 6030, skhoury@bdo.ca

Central Canada
Carlo Mariglia, 416 369 3078, cmariglia@bdo.ca
David Knott, 416 815 3016, dknott@bdo.ca

Eastern Canada
Pierre Taillefer, 514 934 7806, ptaillefer@bdo.ca


Disadvantages of an ad hoc ERM approach

• Unidentified and unmitigated risks
• Evaluation of risk associated with each goal and objective
• Not everyone in the organization views risk management as a priority
• The process is not continuous or ongoing and responding to changes

Common forms of risk management in the business environment

Most organizations have already established methods of risk management in their business environments and in daily business activities. They may seem simple and basic but they are still proven, substantiated approaches which help mitigate risk. Establishing processes and procedures helps an organization achieve corporate objectives and indirectly mitigate some of the risks that may arise by association. Some common examples of this include:

• Job descriptions
• Segregation of duties
• Procedures and manuals
• Policies or standards
• Financial reporting processes
• Monthly reporting processes
• Performance appraisal processes
• Strategic planning processes
• Budget or forecasting
• Sales and marketing processes

Five important questions you should ask about risk

A mounting focus on corporate governance and increasingly stringent legislative requirements are forcing boards of directors to view, assess and mitigate risk at levels never seen before. Boards are required to participate in the development of their organization’s strategic vision and must ensure that the appropriate controls and procedures are in place to identify and monitor the business risks that naturally arise as a result of their business strategy.

Some key questions to ask about risk and its place in your organization are:

• How do we incorporate ERM initiatives with strategic organizational goals and objectives?
• What are our primary organizational risks?
• What processes are currently in place to identify, measure and manage our primary business risks? Are they effective?
• How do we make ERM initiatives a fundamental component of the overall operation and function of independently managed business units?
• How does the board of directors assume its responsibility for the management of risk in the organization?

ERM service offerings from BDO

Our ERM service offerings range in nature and are specifically designed to meet your organization’s individual needs. Practical and proactive ERM strategies, be they ad hoc or full-scale, can help an organization meet strategic organizational goals and objectives, and lead to new heights of success. The BDO Risk Advisory Services team can assist you with the following types of ERM-related projects:

• Identifying or validating your business risk registry or universe
• Establishing an ERM policy, framework and ERM program, which seamlessly blend in with the size and culture of your organization
• Evaluating your current ERM program or process and providing a benchmark against similar organizations
• Facilitating ERM workshops and training within your organization to enhance your current ERM program and thereby validate or establish risk rankings
• Integrating your ERM program with other established corporate governance initiatives, such as CEO/CFO certification, business continuity management, internal audit and other initiatives.

BDO ERM Framework

01 Governance & Planning
02 Identify & Rank Risk
03 Assign & Assess Risks
04 Monitoring & Reporting

Objective

• Establish ERM roles and responsibilities
• Establish an ERM program
• Establish a risk universe with periodic risk assessment
• Align risk with business objectives
• Quantify key risks
• Determine risk treatment strategies
• Assign risk to process owners
• Identify key metrics for risk monitoring and reporting
• Establish management reports for the ERM program

Deliverable

• Establish an ERM policy
• Establish an ERM framework
• Risk registry or risk universe
• Summary of key risks
• Departmental risk reports
• Departmental action plans
• Risk management reports
• Action plan status report

BDO Canada LLP, a Canadian limited liability partnership, is a member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.
