Tuesday, December 24, 2013

Ways of Identifying Risk


Some Simple Ways to Identify Risks
Sometimes the simplest way to identify risks for your business is to review your business plan and processes, then ask yourself which areas might go wrong.
Use the 4Ws to assist you. Ask yourself:
  • when, where, why and how are risks likely to happen in your business?
  • are the risks internal or external?
  • who might be involved or affected if an incident happens?
The following are some useful techniques for identifying risks.

Ask 'what if?' questions

Thoroughly review your business plan and ask as many 'what if?' questions as you can. Ask yourself what if:
  • you lost power supply?
  • key documents were destroyed?
  • your premises were damaged or you were unable to access them?
  • one of your best staff members quit?
  • your suppliers went out of business?
  • the area your business is in suffered a natural disaster?
  • the services you need, such as roads and communications, were closed?

Brainstorm

Brainstorming with different people, such as your accountant, financial adviser, staff and other interested parties, will help you get many different perspectives on risks to your business.

Analyse other events

Think about other events that have, or could have, affected your business. What were the outcomes of those events? Could they happen again? Think about what possible future events could affect your business. Analyse the scenarios that might lead to an event and what the outcome could be. This will help you identify risks that might be external to your business.

Assess your processes

Use flow charts, checklists and inspections to assess your work processes. Identify each step in your processes and think about the associated risks. Ask yourself what could prevent each step from happening and how that would affect the rest of the process.

Consider the worst case scenario

Thinking about the worst things that could happen to your business can help you deal with smaller risks. The worst case scenario could be the result of several risks happening at once. For example, someone running a restaurant could lose power, which could then cause the food to spoil. If the restaurant owner was unaware of the power outage or the chef decided to serve the food anyway, customers could get food poisoning and the restaurant could be liable and suffer from financial losses and negative publicity.
Once you've identified risks relating to your business, you'll need to analyse their likelihood and consequences and then come up with options for managing them.

Risk Management for Project Management

Bifrost Advisory Can Assist in Risk Management for Project Management

Risk management is crucial for project management and should be developed in the planning stage of the project. Bifrost Advisory can help develop a risk registry, which acts as a central storehouse for all risks identified in a project. The registry provides a structure in which all the underlying problems facing the project team are captured. Necessary actions are then taken to diminish the probability and severity of the identified problems.
These risks may come from several sources, such as resistance to change, failure to deliver products in time or the pharmaceutical project exceeding the budget.
Bifrost Advisory can assist the project manager in routinely managing a risk registry during the development programs, continually adding new risks while reviewing the existing ones. The risk items are appraised on a regular basis by the project team so that actions to lessen or alleviate risks can be taken.
 


Bifrost Tech Sdn Bhd - Penang Based ERM Consultancy Company - Your Consultant for Risk Management
Call us for risk management training for your board of directors to fulfil Bursa's training requirements for directors. support@bifrostech.com

Thursday, December 5, 2013


Enterprise Risk Management Training for Listed Company Directors in Malaysia Available At Bifrost Advisory

Malaysia Code of Governance (March 2012) extract :

8 Principles under the New Code (Board Level)
Principle No. 6 – Recognize and Manage Risks
Risk Management Framework (Board & Senior Management Team (“SMT”))

The Board should determine:-
  • the Company’s level of risk tolerance;
  • Actively identify key business risk;
  • Assess key business risk; and
  • Monitor key business risk

Internal Control Systems (Board, SMT and Heads of Department)

The Board should be committed to:-
  • Articulating the Company’s Internal Control System;
  • Implementing its Internal Control System; and
  • Reviewing its Internal Control System

The ERM concept is available just by googling online. Concepts are easy to convey, but how do you actually implement ERM? Bifrost Advisory is able to provide an overview of Enterprise Risk Management and give you a step-by-step "How-To" guide to implementing ERM at Board Level and Management Level. In addition, the Directors are able to meet the annual requirement of directors' training.

Check us out at http://bifrostech.com/ERM.aspx#.UqE6IdJHLuQ or email yxianteh@bifrostech.com




Monday, September 23, 2013

Enterprise Risk Management - GOVERNANCE RISK & COMPLIANCE CONSULTING

BIFROST360˚ GRC practice since its inception has been providing advisory and implementation services that enable our customers to meet their governance, risk management, and compliance goals. These services are applicable to a wide variety of industry verticals, including banking and Financial Services, Health care and Life sciences, Retail, Manufacturing, Utilities, Media and Entertainment, Hi-tech etc.

CLIENT CHALLENGES

In the era of stringent corporate governance, new regulatory requirements have increased the challenge of compliance. All organizations, regardless of size, are struggling to comply with these regulations and to manage their enterprise risk effectively. The cost and effort to establish, maintain and prove compliance are very high, and could ideally be devoted to enhancing the growth of the business.
 

WHAT BIFROST360˚ GRC CONSULTING PRACTICE PROVIDES

The BIFROST360˚ GRC practice includes both business domain and technology experts, a unique combination that is essential for a successful GRC program in an organization. Our experience working with customers and our deep domain knowledge have allowed us to develop solutions that help companies meet regulatory compliance requirements, automate GRC processes, and fully leverage the capability of the GRC technology solution.
 
The range of compliance advisory and implementation services spans regulations such as Sarbanes-Oxley, HIPAA, FDA, PCI-DSS compliance, Federal Identity compliance and NERC compliance, as well as best-practice implementation approaches such as Information Security (ISO 27001), IT Governance (COBIT) and Enterprise Risk Management implementation (COSO). Over a period of time, the BIFROST360˚ GRC team has developed a mature framework that has been successfully deployed in various GRC engagements.

BIFROST360˚ GRC Advisory and Implementation Framework

The major focus of the BIFROST360˚ GRC consulting practice is to provide functional consulting that addresses multiple compliance and risk management challenges while reducing the cost of meeting these requirements. This requirement is met by specialized GRC management software for effective assessment, recovery and optimization. The BIFROST360˚ GRC practice has partnered with leading tool vendors so that their GRC automation platforms can be used as the technology solution for implementing and managing GRC programs.
 
The integrated approach through an automated GRC platform enables organizations to meet the following objectives:

  • Governance: Break down organizational, functional and process “silos”. Ensure that a sound governance structure is in place so that the right information is available to the right people at the right time.
  • Risk: Integrate risk management with strategic planning and maintain a 360 degree view of organizational risks and effectively allocate resources to address them.
  • Ethics and Compliance: Establish practices and a culture to prevent misconduct, inspire desired conduct, detect problems and improve outcomes.
  • Finance: Reduce cost and optimize how capital is allocated to GRC so that it is better aligned to the business.
  • Technology: The GRC platform is an enterprise compliance management application that lets organizations streamline their policy management, risk management, and compliance initiatives, including internal audit, control testing, remediation and ongoing compliance lifecycle management. The central management tracks required tasks and costs associated with compliance. Integration with continuous control monitoring applications provides visualization of automated detective and preventive controls.
  • Audit: Go beyond financial processes and assess the design and operation of controls for GRC and ethics efforts throughout the enterprise.
  • Core Processes: Embed sound GRC practice in all lines of business and core processes so that business owners and operators are accountable for GRC success.
 

INDUSTRY VERTICAL AND HORIZONTAL CONSULTING SERVICES

VERTICAL SERVICES

  • LIFE SCIENCES & HEALTHCARE
    • FDA
    • HIPAA (Privacy & Security)
       
  • ENERGY & UTILITIES
    • NERC
    • FERC
    • EH&S
    • Operational Risk Management
       
  • BANKING & FINANCE
    • Basel II, 2.5, III
    • Sarbanes Oxley
    • Anti Money Laundering
    • MIFID
    • SEPA
    • Fair Credit Reporting
    • Patriot Act
  • RETAIL
    • PCI-DSS

HORIZONTAL SERVICES

  • INFORMATION SECURITY COMPLIANCE
    • ISO 27001:2005
    • Federal Identity Management
    • Segregation of Duties (SoD)
    • Role Based Access Control
    • Asset Management & Compliance
       
  • GOVERNANCE, RISK MANAGEMENT & AUDITS
    • SOX Business Controls & IT General Controls
    • COBIT Consulting
    • Enterprise Risk Management using COSO framework
    • Operational Risk Management
    • Internal Audit & Reporting
       
  • BUSINESS CONTINUITY & DISASTER RECOVERY
    • Business Continuity Management & Compliance
    • DR drills & coordination
    • BCP Audits

BENEFITS

Key benefits of the BIFROST360˚ GRC ‘advisory' & ‘technology' solution include:
 
  • BIFROST360˚ delivers out-of-box solutions that allow organizations to implement a best in class enterprise governance, risk & compliance program.
  • BIFROST360˚ provides knowledge and experience from working with many customers. The BIFROST360˚ GRC consultants leverage their deep domain and vertical compliance expertise, yielding superior competency in specific areas of GRC as well as in how best to leverage technology to automate GRC processes.
  • BIFROST360˚ proprietary IP content includes predefined process libraries, controls and risk registers for specific compliance and risk management requirements. The BIFROST360˚ compliance content significantly increases the customer's ROI on GRC investments.
  • BIFROST360˚ compliance best practices provide organizations a world-class GRC compliance program framework. Customers benefit from a well-defined implementation maturity model roadmap, designed to create a common, scalable compliance platform for every regulatory and policy driven initiative.
  • BIFROST360˚ helps embed sound GRC practice into all lines of business and core business processes, enabling business owners and managers to manage their compliance initiatives more effectively.
  • Reduced TCO by offering GRC in managed services model.


Wednesday, September 4, 2013

A Review of Enterprise Risk Management Practices among Malaysian Public Listed Companies

The risk sphere in business is fast changing and expanding. Almost anything has become a risk factor that will have potent, direct, and far-reaching impacts on business. This article examines the intensity of enterprise risk management (ERM) practices among the Malaysian public listed companies. The article espouses an ERM framework comprising fourteen important implementation elements and processes. Results of the analysis indicate that the intensity of ERM implementation among the respondents is in the ‘good’ category of the semantic scale, which is deemed encouraging vis-à-vis the country’s regulatory regime.

In an age of frequent terrorist incidents, fierce global competition, economic shocks and corporate governance challenges, business risks have never been greater. This adverse environment, compounded by an increasing number of high-profile corporate governance scandals, has resulted in corporations facing huge financial losses globally, the aftermath of which has even threatened the solvency of the corporations concerned. A case in point is the recent United States financial meltdown in 2008, triggered by the sub-prime mortgage crisis, which saw the tumbling of giant institutions like Fannie Mae, Freddie Mac, Lehman Brothers, Merrill Lynch, and the American Insurance Group.
The consequences of the crisis were far-reaching and cross-boundary. Although it started out as the “sub-prime crisis” in the United States in 2007, its impacts mushroomed into a full-blown global recession in 2008, the remnant effects of which could still be felt in 2010. These incidents have highlighted the urgent need for global corporate entities to put in place a strong and effective risk management mechanism within their business models to ensure minimum loss and business continuity disruption in the event of similar incidents recurring. The aim of this paper is to examine how public listed companies (PLCs) in Malaysia perceive and manage those risks that emerge in their enterprises by examining the intensity of enterprise risk management practices among the PLCs.

Bifrost Tech - www.bifrostech.com - Malaysia GLC ERM Consulting Company

Thursday, August 15, 2013

Enterprise Risk Management (ERM) Practices Among Government-Linked Companies (GLCs) in Malaysia Part 1

It is interesting to note that Enterprise Risk Management (ERM), as a concept of managing risks holistically, is relatively new in Malaysia. Nevertheless, such a concept has been gaining ground over the past years and the overall scenario seems to be changing for the better. While the ERM concept is expected to enhance shareholders' value, many more business entities appear to be interested in adopting and implementing ERM. Although the ERM concept receives much attention from businesses and industries in Malaysia, in practice, the overall development and practical application of ERM has been rather limited.
Importantly, scholarly research activities in this particular area of interest are totally lacking, hence the essential need for this empirical study. Such a study incorporates an industry survey which comprises twenty-eight Government Linked Companies (GLCs) in Malaysia.

Enterprise Risk Management (ERM), an increasingly popular concept in this part of the world, is indeed a relatively new term that is catching much attention among businesses and industries today, as it is viewed as the ultimate approach to effective Risk Management. In a practical sense, ERM is designed to increase the board's and senior management’s ability to oversee the overall portfolio of risks facing an enterprise. ERM also provides a significant source of competitive advantage for those who can demonstrate a strong ERM capability and strength.

However, evidence shows that the ERM concept is still not widely practiced in Malaysia despite having received much attention over the past years. It is rather important to note that scholarly research and empirical evidence in relation to the determinants of such a concept is obviously lacking. Equally important, it must be highlighted that several reasons have been cited for the companies’ non-involvement in ERM programs. The reasons include organizational structures that are not conducive to ERM, individuals who do not want to give up their specific responsibilities, a lack of understanding in respect of how to effectively implement ERM and measure the benefits, and also difficulties in measuring risks and correlations across risks within the company.



Wednesday, July 31, 2013

What is Enterprise Risk Management (ERM)

Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.
ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of internal control, the Sarbanes–Oxley Act, and strategic planning. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of companies.
