{"id":3910,"date":"2019-07-31T08:49:19","date_gmt":"2019-07-31T08:49:19","guid":{"rendered":"https:\/\/cafr.sdone.ro\/en\/?p=3910"},"modified":"2019-07-31T08:49:21","modified_gmt":"2019-07-31T08:49:21","slug":"eight-steps-to-establish-a-firm-risk-management-program","status":"publish","type":"post","link":"https:\/\/www.cafr.ro\/en\/eight-steps-to-establish-a-firm-risk-management-program\/","title":{"rendered":"Eight Steps to Establish a Firm Risk Management Program"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">Eight Steps to Establish a Firm Risk Management Program<\/h1>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/6069270ab00fbdf6f66e-fdf3d356c5827c7b633f9c9c0112d03f.ssl.cf1.rackcdn.com\/ifac\/images\/icon-comment.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<p>by <a href=\"https:\/\/www.ifac.org\/global-knowledge-gateway\/author?author=37201\">Christopher Arnold<\/a>, Head of SME\/SMP and Research, IFAC and <a href=\"https:\/\/www.ifac.org\/global-knowledge-gateway\/author?author=44547\">Monica Foerster<\/a>, Chair, IFAC SMP Committee | July 21, 2019 | <\/p>\n\n\n\n<p>Risk management is critical for all firms, including \nsmall- and medium-sized practices (SMPs). This is both in terms of \nprotecting the assets, finances and operations of the firm and \ncontributing to satisfactory legal compliance, corporate governance and \ndue diligence. Effective risk management will protect the reputation, \ncredibility and status of the firm.<\/p>\n\n\n\n<p>It is important to\n establish a risk management \u201cculture\u201d in the firm. This emphasizes the \nimportance of managing risk as part of each staff member\u2019s daily \nactivities at all levels of the firm. The goal of creating a risk \nmanagement culture is to create a situation where partners and staff \ninstinctively look for risks and consider their impacts when making \neffective operational decisions.<\/p>\n\n\n\n<p>This article is part \nof a risk management series covering the benefits and steps of \nestablishing risk management program. The second article will highlight \n10 steps for successful risk management and the third focuses on \nbusiness continuity planning and risk mitigation strategies. The \narticles are a result of discussions at recent <a href=\"https:\/\/www.ifac.org\/about-ifac\/small-and-medium-practices\/about-smp-committee\">IFAC SMP Committee<\/a>\n meetings, which involves practitioners from around the world sharing \ntheir perspectives and insights and material included in the <a href=\"https:\/\/www.ifac.org\/publications-resources\/guide-practice-management-small-and-medium-sized-practices-3?utm_source=IFAC%20Main%20List&amp;utm_campaign=069d780c46-SMP_Press_Release_9_14_169_13_2016&amp;utm_medium=email&amp;utm_term=0_cc08d67019-069d780c46-80393677\">Guide to Practice Management for Small- and Medium-Sized Practices<\/a>,\n which includes a whole module on risk management, including \nprofessionalism and ethics, client engagement, quality control and \nbusiness continuity planning and disaster recovery.<\/p>\n\n\n\n<p>Implementing a risk management program provides many benefits, including:<\/p>\n\n\n\n<ul><li>More effective strategic planning;<\/li><li>Better cost control through enhanced workflows, client evaluation and engagement processes;<\/li><li>Increased profitability through better client and job controls;<\/li><li>Reduced risks of litigation as a consequence of processes and contingency plans;<\/li><li>Increased knowledge and understanding of exposure to risk;<\/li><li>A systematic, well-informed and thorough method of decision-making;<\/li><li>Less disruption and less rework through better understanding of process by all staff in the firm; and<\/li><li>Setting the scene for continual improvement within the firm.<\/li><\/ul>\n\n\n\n<p><strong>Establishing a Risk Management Program<\/strong><\/p>\n\n\n\n<p>Eight steps to establishing a risk management program are:<\/p>\n\n\n\n<ol><li><strong>Implement a Risk Management Framework based on the Risk Policy<br><\/strong>When\n developing the firm\u2019s risk management framework, consideration should \nbe given to the services offered, marketing and communication, staff and\n human resources issues, information and resource management, regulatory\n obligations, IT issues and security, succession planning, acceptance \nand continuance of clients and cash flow management.<br><br><\/li><li><strong>Establish the Context<br><\/strong>Consider\n the goals and objectives of the firm and the environment in which it \noperates (e.g. cultural, legal and operational). Identify internal and \nexternal stakeholders (e.g. clients, personnel, consultants, agents, \ninternal systems, third parties, suppliers, etc.).<br><br><\/li><li><strong>Identify Risks<br><\/strong>Identify\n existing and potential risks as well as existing controls. The \npotential risks can be categorized as services performed, contract risk,\n acceptance or continuance risk and performance risk.<br><br><\/li><li><strong>Analyze and Evaluate Risks<br><\/strong>Analyze\n and evaluate the risks on a continuing basis. This involves a \ncomparison of exposure levels against a predetermined tolerance level, \nthe degree of control, potential or actual losses and benefits and \nopportunities presented by the risk. One of the simplest models to \nidentify the cost of the controls and their adequacy is to consider the \nlikelihood of occurrence of an event and the consequences of that event \ne.g. Risk = Likelihood x Consequence.<br><br>In assessing the level of \nthe risk and identifying high and low risks, the process should include \nthe firm\u2019s existing and anticipated areas of practice; the composition, \nexperience and expertise of the firm; the management and internal \ncontrol procedures; the likelihood of being sued and the process to \nassess new and existing clients.<br><br>When assessing the kind of risks\n the firm is exposed to, it is important to consider both the internal \nrisks and the external risks. Internal risks may include staff, the \nbusiness premises and location, threats to goodwill and reputation and \ninformation technology. External risks may include clients and both \ncurrent and potential competitors.<br><br><\/li><li><strong>Treat and Manage Risks<br><\/strong>Develop\n strategies to manage the identified risk. Options can include \naccepting, avoiding, transfer (in part or full), reducing the likelihood\n and\/or consequence and retaining the risk. Action plans can be \ndeveloped based on the current levels of risk exposure, benefits from \nactions\/ controls, the duration of time to implement actions and the \navailable budget.<br><br>In areas identified as high risk, actions may \ninclude reconsidering that area and its development, retraining staff \nand reviewing the engagement with clients. Risk management procedures \ncan include:<br><br><ul><li>Clarity on the terms of the engagement;<\/li><li>Obtaining adequate insurance and controlling claims once they have occurred;<\/li><li>Maintaining accurate documentation;<\/li><li>Ensuring timeliness of action and diary systems;<\/li><li>Only practicing in those areas where there is sufficient expertise; and<\/li><li>Implementing strict selection criteria for clients and consultants or agents used.<br><br><\/li><\/ul><\/li><li><strong>Communicate and Consult<br><\/strong>Communicate\n and consult with all parts of the firm, as well as outside parties, to \nensure that all are kept well informed. For example, to avoid having to \nassume responsibility for the client\u2019s risk-taking, advise the client in\n writing of relevant dates and consequences in the event of failure by \nthe client to act. This will transfer the risk of noncompliance back to \nthe client to act and\/or follow-up.<br><br><\/li><li><strong>Monitor and Review<br><\/strong>Monitor\n and review the risk management strategies on an ongoing basis. Over \ntime, new risks are created, existing risks are increased or decreased, \nrisks no longer exist, the priority of risk may change or the risk \ntreatment strategies may no longer be effective. Monitoring should \ncomprise: monitoring existing risks, identifying new risks, identifying \nany trouble spots and evaluating the effectiveness of current risk \ntreatment strategies.<br><br>Monitoring ensures that new measures are \nintroduced to control new risks as these emerge. Ongoing review is \nrequired to ensure that strategies remain relevant, and that the overall\n risk control position is relative to the potential costs of the risk.<br><br><\/li><li><strong>Record<br><\/strong>Keep\n a written record of all policies and procedures, including \ndocumentation of the assessment process, major risks identified and the \nmeasures designed to reduce the impact of these major risks. Failure to \ndocument policies can lead to breaches in performance due to \nmisunderstanding or misinterpretation. A written set of policy \nstatements supplied by documented procedures provides a constant \nreference, a guide to action and a framework for checking that the \noperations are conducted in the manner intended by the firm.<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>by Christopher Arnold  <\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/posts\/3910"}],"collection":[{"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/comments?post=3910"}],"version-history":[{"count":1,"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/posts\/3910\/revisions"}],"predecessor-version":[{"id":3913,"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/posts\/3910\/revisions\/3913"}],"wp:attachment":[{"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/media?parent=3910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/categories?post=3910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cafr.ro\/en\/wp-json\/wp\/v2\/tags?post=3910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}