2. Management of risk is a responsibility
of management.
Mitigation of risk comes from good
management, financial controls and
an ETRM.
Risks can be treated, transferred,
terminated or tolerated.
3. Risk Analysis is always an ongoing,
internal conversation.
Usually starts with a Risk Matrix which
assesses risk magnitude and likelihood,
against mitigations.
Risk Analysis is a Swiss legal
requirement and the results of analysis
must be reported in the financial
statements.
4. ERM is the modern approach.
Full implementation according to
guidelines can be a little over the top for
small to medium companies.
Puts management of risk at the heart of
governance.
All risks are assessed with an equivalent,
methodical approach. New risks are
systematically identified.
Three lines of defence (front line
controls / compliance and review / internal
audit).
5. Lots of ways of classifying risks.
For this slide pack we will distinguish between Financial, Operational and Strategic Risks.
Financial Risks can be tackled with record keeping, financial
controls and good processes.
Operational Risks can be monitored with good reporting.
Strategic Risks are for management only.
Financial Risks
• Reporting
• Banking Compliance
• Market
• Credit etc
Operational Risks
• Shipping / Storage
• Reputation etc
Strategic Risks
• Legal
• Political
• Competition etc
6. Project Benefits
Diagnostic Review
• Documentation and assessment of the current
business process.
• Highlights key controls.
• Output includes a risk matrix for business
processes.
Identifies dangerous control gaps!
Risk Review
• Requires collaboration from senior staff.
• Identifies all finance, operational and strategic
risks faced by the company.
• Basis of required disclosures in financials.
Most important step towards satisfying directors’ legal obligations re risk.
Capability check on ETRM Implementation
• Upgrade users’ competence levels
• Supply useful reports
• Boost efficiency
Get full rewards from a potent Aspect set-up
7. The ETRM Capability Check could be done as part of the Diagnostic Review.
The Diagnostic Review covers only Financial Risks.
The Risk Review covers Financial, Operational and Strategic Risks.
The scope of a diagnostic review is the following:
To review and compare the client’s current usage of the system against current best
accepted practice, and in particular, the extent to which the system is:
1. Supporting ongoing trading activity;
2. Aligned to existing and preferred business processes;
3. Producing management information which supports the decision-making needs of
key decision makers;
4. Interfacing and integrating successfully to other key IT systems;
5. Structured and implemented to support potential growth programmes.