Risk Management – Embedding Sound Risk
Management Practices into an Organization
POWERFUL INSIGHTS
Issue
Determining an organization’s approach to risk management
and monitoring its risks often are the responsibilities of a
core team of individuals. While these individuals can develop
effective policies, procedures and frameworks to help direct
the organization’s risk management strategy, responsibility
for the execution of sound risk management activities and
the operation of key control points falls on the wider employee
base as part of their day-to-day activities. It is the line managers, traders, accounts payable clerks, stock managers, brokers
and many other professionals who must maintain the key
controls that help mitigate risks to the organization.
Within many organizations, individuals operate these
controls and mitigate these risks, but do so subconsciously
as part of their general activities. When individuals are
required to change practices to mitigate potential risks or
are required to start formally attesting to controls they operate, little support or advice may be provided and resistance
can build up. Without an effective training program to help
explain the value of risk management and support business
users in their individual responsibilities, risk management
becomes an ancillary function rather than one that is
embedded into daily business activities.
Challenges and Opportunities
Embedding risk management into the day-to-day running of
an organization and driving individuals to consider the risk
of their actions are key to the implementation of a successful
enterprise risk management (ERM) program. Like any type of
change, users need to be helped through any transformational activities to understand the value of their actions or
why change is required. Therefore, training becomes highly
important. The challenge to delivering an effective training
program is meeting the needs of a wide range of individuals
who often are at different grades or levels within the organization but, in many cases, have the same risk responsibilities.
Our Point of View
To successfully deliver a risk and control awareness
campaign and truly embed risk management within an
organization, a number of core basic principles should
be followed:
• Demonstrate value – Any training should be worded
appropriately to demonstrate how it will aid end users
in their roles and should be viewed as value-adding
rather than one of many time-consuming corporate
requirements.
• Tone from the top – Support and buy-in from senior
management are critical to drive ownership and embed
risk management. Executive-level training in the form
of “know your responsibilities” is a useful mechanism
to help management understand their risk responsibilities and those of their staff.
• Identify the needs of end users – Risk management
training should seek to cover not only the “why” of risk
management, but also how users can implement risk
management practices successfully into their day-to-day
activities. Through tailoring courses to meet the needs
of individual users based on their roles, employees can
be provided with highly specific training to which they
can relate.
• Utilize multiple formats – The use of multiple formats
or media can increase user participation significantly.
Computer-based training (CBT) courses can provide
training to multiple individuals and are useful in geographically dispersed organizations, while formal classroom training or seminars can be used to provide more
in-depth learning.
PROVEN DELIVERY
How We Help Companies Succeed
Given Protiviti’s deep understanding of enterprise risk
management, we have assisted many clients in designing,
executing and embedding risk management training and
awareness programs, each tailored to their organizational
approach to risk management.
Example
Protiviti assisted a client in the financial services industry
with a comprehensive review of its risk management
training program and then rolled out a global risk awareness program. The goal was to increase awareness among
end users of their risk management responsibilities, providing both “light touch” training to all staff and more
detailed, role-based training tailored to an individual’s
role and risk responsibilities.
Our engagement involved:
• Determining the training needs of all staff based on the
organization’s approach to risk management
• Producing tailored training materials to drive a better
understanding of risk management requirements for
each individual based upon their role. These included
a computer-based training course to be taken by all
staff, courses for risk and control owners, and handbooks for executives to summarize their risk management responsibilities.
• Rolling out the training program to more than 1,500
users across more than 15 countries, including the
delivery of a “risk management basic CBT” course,
targeted classroom courses, executive “know your
responsibilities” events and risk management awareness sessions
• Embedding a process for the ongoing tracking, monitoring and reporting of stakeholder attendance at courses
• Delivering a dedicated risk management training
intranet site to act as a point of focus for all future
risk management activities
Key benefits of this approach included:
• The improvement of risk management awareness across
the organization, leading to the client being able to
demonstrate compliance with regulatory requirements
regarding risk management awareness
• An “up-skilling” of staff, leading to improved risk management performance against internal management statistics
• Training that was aligned to users’ requirements based
on their roles and organizational responsibilities
Contacts
Kurt Underwood
+1.206.262.8396
kurt.underwood@protiviti.com
Jonathan Wyatt (London)
+44.207.024.7522
jonathan.wyatt@protiviti.co.uk
Michael Schuchardt
+1.312.476.6399
michael.schuchardt@protiviti.com
Jim DeLoach
+1.713.314.4981
jim.deloach@protiviti.com
Cory Gunderson
+1.212.708.6313
cory.gunderson@protiviti.com
About Protiviti
Protiviti (www.protiviti.com) is a global business consulting and internal audit firm composed of experts specializing in risk, advisory
and transaction services. The firm helps solve problems in finance and transactions, operations, technology, litigation, governance,
risk, and compliance. Protiviti’s highly trained, results-oriented professionals provide a unique perspective on a wide range of critical
business issues for clients in the Americas, Asia-Pacific, Europe and the Middle East.
Protiviti has more than 60 locations worldwide and is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI).
Founded in 1948, Robert Half International is a member of the S&P 500 index.
© 2011 Protiviti Inc. An Equal Opportunity Employer. PRO-0511-107059
Protiviti is not licensed or registered as a public accounting firm and does
not issue opinions on financial statements or offer attestation services.