Every business operates in a dynamic environment, and given the markets’ growth and structure, elements of risk are inherent. This article elaborates on the ‘Risk Management Framework’.
The board should recognize the importance of identifying and controlling risks and ensure that required internal controls and procedures have been established and are designed to safeguard assets and interests of the company to ensure the integrity of reporting.
Risk management is a process effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise and designed to identify potential events that may affect the entity and manage risk to be within its risk appetite to provide reasonable assurance regarding the achievement of entity objectives.
Purposes of Risk Management Framework
- Facilitate proactive risk management;
- Enhance understanding of all risks faced by the business;
- Facilitate the prioritization of risks; and
- Enhance the effectiveness of risk-management activities.
This will allow us to make better business decisions through a focus on risk and return, which in turn will enhance the value of the business and preserve its soundness and profitability over time.
Risk-management deals with risks and opportunities affecting value creation or preservation and takes a broad perspective on identifying the risks that could cause an organization to fail to meet its objectives.
Objectives of Risk Management Framework
- Endorse a structured approach to identify current and future potential risks to the organization;
- Mandate a risk-management framework to evaluate each risk for its likelihood and impact;
- Establish and maintain a system of internal controls to promote effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations;
- Mandate the allocation of each risk to a risk category so that appropriate governance structures and policies and procedures can be developed and implemented;
- Facilitate the making of informed decisions including the prioritization of identified risks consistent with risk tolerance;
- Facilitate the monitoring and reporting on the status of all risks to the risk committee and the board of directors; and
- Provide reasonable assurance concerning the organization’s ability to achieve its strategic and business objectives.
Roles and Responsibilities
Different persons, functions, and departments within an organization maintain specific responsibilities relating to the risk-management framework.
Let’s look at four roles and their responsibilities in further detail.
Role of The Board of Directors
The board of directors has the responsibility for overseeing all risks associated with the activities of a business and establishing a strong internal-control environment and risk framework that fulfills the expectations of stakeholders of the organization.
The board reviews the risk management framework and policy statement periodically depending on the circumstances facing the organization.
Role of Risk Management Committee
The risk-management committee provides an overall assessment of risks impacting the activities of the company and should meet on a periodic (quarterly) basis or sooner if events warrant a meeting. The risk-management committee is responsible for the following activities:
- Monitor the overall process of evaluation and assessment, the progress of evaluation of control effectiveness, key control deficiencies observed, and countermeasures to address these. Monitoring would also include significant changes in the assessment of key risks or new risks identified, if any;
- Review and approve modifications to existing policies, procedures, risk appetite, and other risk parameters on a periodic (at least annual) basis; and
- Conduct a comprehensive review of this policy document on an annual basis.
Usually the CEO, CFO, head of investments, and other key functional heads including legal, risk, and compliance are the members of a risk-management committee.
Role of the Head of Risk Management
The head of the risk-management function has overall responsibility for the development and implementation of risk-control principles and frameworks. Risk and control breaches limits and processes across all categories of risks faced by the organization.
Key responsibilities of the head of risk management include:
- Providing the overall leadership, vision, and direction for enterprise risk management;
- Establishing an integrated risk management framework for all aspects of risks across the organization;
- Developing risk-management policies including the quantification of management’s risk appetite;
- Developing risk-assessment methodology that is aligned with business objectives at the strategic, tactical, and operational level;
- Ensuring effective information systems exist to facilitate overall risk management within the institution; and
- Developing the analytical systems and data-management capabilities to support risk management.
Role of Function Heads and Risk and Control Owners
Risk and control owners are the personnel who are best placed to influence and manage the risk/control sectors or are best placed to report on risk and control. On an ongoing basis, risk and control owners monitor their areas for new risks and events or assess changes in risk exposure as well as carry out a periodic assessment of controls in line with the above.
Specifically, risk and control owners within business units and departments are responsible for:
- Ongoing identification and evaluation of risks within the business and operations;
- Selecting and implementing risk measures on a day-to-day basis if necessary;
- Managing certain specified risks under the guidance of the risk-management committee;
- Reviewing the effectiveness, efficiency, and suitability of the risk-management process and addressing potential weaknesses; and
- Maintaining efficient and cost-effective risk-handling mechanisms or control frameworks in line with changes in the business.
As we all know, all companies face risks, and without them, rewards are unlikely. Effective risk management can add tremendous value to any organization. Specifically, companies that operate in the investment and financial industry rely heavily on risk management as a foundation that allows them to prevent money-laundering and terrorist-financing (ML/TF) risks.