Risk management is a broad and overarching term. It reaches to and beyond finance, touching every aspect of an enterprise’s operations. Especially for enterprises, the intermingling of all risk-related activities across an organization is important not only to understand, but to build management strategies around.
This methodology is known as enterprise risk management (ERM):
“ERM is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Therefore, a holistic approach to risk management is considered to be the standard for risk officers and other members of the executive team.
In this article, we’re listing five ways that businesses can improve their financial reporting and controls risk by creating a plan of action to integrate into their larger ERM processes.
1. Understand the breadth and importance of risk management
As mentioned, risk management is an umbrella term that essentially identifies potential and actual risk and empowers a business with the necessary tools to adequately identify and deal with potential risks such as fraud, material misstatement, and more.
Fraud is a major challenge for most enterprises. COVID-19 proved this to be extraordinarily true. A survey carried out by LIMRA showed that 42% of its respondents had already experienced increases in attempted fraud since the pandemic began.
As noted by the Corporate Finance Institute, assessment and management of risks is the best way to prepare any enterprise for circumstances that may get in the way of progress and growth. When a business evaluates its plan for handling potential threats and then develops those structures to address them, it will inevitably create risk tolerant processes that future-proof the organization. An in-depth risk management plan is also a sign to investors and higher-level stakeholders of the stability of your organization.
In addition, progressive risk management ensures risks of a high priority are dealt with as aggressively as possible. Management will thus have the necessary information that they can use to make informed decisions and ensure that the business remains profitable which, believe it or not, is also important to stakeholders.
2. Decide how to manage risk
There are many ways to manage financial risk, and they can be best summarized using the 4Ts model; transfer, treat, terminate and tolerate.
Risk transfer means to assign an individual, group, or third party to be responsible for the risk. This method absolves the transferer of the risk implications, while compensating the person or entity receiving the risk for taking it on. More often than not, transferring risk simply means getting insurance; for example, an enterprise may work with a commercial insurance entity to offload potential financial risk for themselves, their stakeholders, and investors.
Treating risk is the next layer to consider in a case of financial risk in cases where the risk cannot be offloaded through insurance or other means. This is done by performing actions that reduce the likelihood of the risk occurring or minimizing its impact before it inevitably occurs. The best way to treat risk is to ensure that your team is equipped to predict and handle these risks as they come up. Training your team is vital.
The next method to manage risk is through terminating. Just like with treating risk, terminating risk is achieved by altering processes or practices to eliminate the risk completely. This could mean removing the process or area that is causing actual or potential risk to occur, as well.
The final category is tolerating risk. This step is part of the overall risk management process, as organizations determine the level of risk that they are willing to accept in any given situation or area. When it comes to finances, an organization must consider the amount of financial loss they are willing to risk to perform any number of activities.
These steps and processes can be applied to risk management in a similar manner. However, the detection and investigation of individual financial risk events is much more specific and technical, requiring the expertise of auditors and accountants.
3. Employ tools, automate risk management
Enterprise risk management tools now go beyond traditional spreadsheet-based software. According to McKinsey & Co., 66% of enterprises were piloting or using automation technology in 2020, with predicted increases to come.
Here are two key areas companies are exploring in 2021:
Robotic Process Automation (RPA) — This technology provides rules to “bots” which mimic simple, repetitive processes that humans often do. This could mean automating the compilation, download, and circulation of an ERM-related report. However, some other highly popular use-cases are onboarding, third-party screening, due diligence, and compliance monitoring. Upon implementing this technology, businesses report reduction of input errors, less human handling of sensitive information, and faster input and processing for overall time savings. Additionally, Gartner reports that “88% of corporate controllers expect to implement RPA in 2021.”
Risk Discovery Artificial Intelligence (RD AI) — According to research conducted by the Public Company Accounting Oversight Board (PCAOB), one of their biggest concerns as the audit industry develops is “over-auditing” due to lack of understanding of company risks. MindBridge’s RD AI platform finds potential risk across 100% of financial data, and explains these findings in a transparent way. The ensemble AI engine finds potential risks with 10x the effectiveness of rules-based tools, and at over 2000x the speed of manual entry. An ERM framework with deep accuracy, efficiency and effectiveness gains can be enhanced by the 4Ts in the figure below:
4. Review risk management processes often
The final and most important way to improve your risk management is to review continuously. Meaning, check in on your risk management processes as often as you can. Set up a schedule of monthly, quarterly, or even yearly reviews.
Even the strongest risk management processes are at the mercy of ever-changing external and internal factors.
An effective risk management plan will implement an ongoing basis to accommodate these changes, ensuring that it continues to be as effective as possible.
For example, the Enterprise RIsk Resilient EcoSystem, a framework designed to incorporate the needs of larger organizations, is a testament to the need for an evolving mindset regarding risk management.
According to Jonathan Marks of Baker Tilly, the 8th largest accounting firm in the United States,
“The Enterprise Risk Resilient EcoSystem is more complete than other published frameworks and is more reflective of the current state of “our modern world” and where we need to focus. Why? Regulators are expecting organizations to be using a data driven audit process and using the results or feedback to continually enhance their compliance program.”
He continues:
“This means organizations should be strongly considering adding technology like MindBridge to the equation. It also means that if compliance, audit, and the general counsel are not working harmoniously there is a possibility risks will not be properly addressed increasing the likelihood of fraud.”
To learn how you can implement MindBridge into your risk management process, or to learn more about the MindBridge Audit Approach, click here.
For more articles like this one, visit the MindBridge blog.