Operational Risk and Transformation
Enterprise Risk Management
Explore the positive side of risk
In many organisations, risk is an important, but largely supportive, function focused on well-defined risks, such as financial, operational, and cyber risk, yet rarely integrated with the core business. This can result in a risk mitigation culture that’s seen as separate from the core business needs for growth and innovation.
But risk management done right is tightly embedded in management’s core business processes, where identifying and managing strategic risks are an integral part of strategy setting and execution. This level of integration can help your organization more effectively achieve intended business objectives and get better value from its Enterprise Risk Management (ERM) program.
Deloitte’s Risk Advisory team helps clients to implement sound risk management practices and embed a risk aware culture to drive good customer outcomes, sound business performance and limit potential misconduct.
Deloitte’s Risk Advisory team can help answer the following questions:
- Is your Risk Framework structured to enable you to manage risks while executing your organisation’s strategy? Are you clear about your risk appetite? This is a crucial component in effective risk aware operations. Organisations must understand the degree to which they are operating to their risk appetite as their business develops.
- Will the governance framework meet regulatory expectations efficiently? Or has regulatory compliance driven a ‘form over substance’ outcome that delivers minimal compliance at maximum cost?
- Can you clearly articulate the expected risk culture of the organisation, and assert the degree to which it is consistent with that expectation? This area is challenging Boards and Executives globally, and increasingly receiving regulatory attention, and must be addressed for an organisation to meet its stakeholder expectations.
Specifically we provide the following services:
ERM assessment / benchmarking: Deloitte can undertake an external assessment of whether the design of your current ERM Framework is fit for purpose and whether it is effectively implemented in your organisation. We leverage off our understanding and knowledge of cutting edge Risk Management practices and methodologies (for example, COSO’s Enterprise Risk Management Framework) to identify any gaps and to provide recommendations for improvements in order to reach your organisation’s targeted level of risk maturity. In addition we can use the relevant broad and deep experience which our local team can offer and we can liaise with further resources within our global firm to benchmark your risk function against the standards of best practice seen in peer organisations both locally and internationally.
Risk transformation: Transformative shifts in the marketplace demand transformative responses in order for organisations to enhance capital, operational, technological, and risk management efficiencies—and shareholder value. Risk Transformation offers a strategic platform for analysing and enhancing organisational risk management capabilities. Risk transformation enables a holistic view of risk and an integrated method of addressing risk-related and operational needs.
The Risk Transformation framework facilitates identification of risk-related issues and challenges and provides a menu that allows the organisation to choose where it needs to be. The framework is based on four cornerstones
1. Governance and culture;
2. Business and operating model;
3. Data, analytics and technology; and
Risk Appetite: We can help develop your risk appetite framework and risk appetite statement and review and enhance your existing framework.
Risk Culture: We can help to develop and implement a risk culture framework, undertake a risk culture maturity assessment of your organisation, develop management information and deliver targeted training at all levels of the organisation.
Risk Education and Training: The development of course content for all levels and deliver training on the key considerations and concepts included within an organisations ERM programme.
Risk function strategy workshops: Help develop vision, focus areas, and plan for a risk transformation.
Chief Risk Officer Executive Transition: Research shows that as many as 40% of executive transitions fail in the first 18 months. Executive Transition Labs help new executives manage time, talent and relationships to create a practical, detailed plan for making an exceptional first impression.
Executive Transition labs are designed to be a one-day experience built to help recently-appointed executives hit the ground running and thrive in new roles.
Operational Risk and Transformation:
Deloitte helps organisations transform the ways they leverage people, third-party relationships, technology, data, business processes, and controls to manage operational risks and elevate business performance. Developing integrated, strategically-aligned operational risk management solutions allow organisations to make optimised business decisions.
How we can help:
- development and implementation of operational risk frameworks, including systems of internal control as well as reviewing and enhancing existing frameworks, policies and procedures.
- provision of comprehensive individual, team, function or firm-wide training across the spectrum of operational risk processes and tools.
- provision of skilled and experienced staff for short and long term secondments to risk functions including project management resources to lead or support risk related projects.
COSO Internal Control Framework
On May 14, 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an updated version of its Internal Control — Integrated Framework (the “2013 Framework”).
Originally issued in 1992, COSO’s Internal Control — Integrated Framework (the “1992 Framework”) became one of the most widely accepted internal control frameworks in the world. COSO’s primary objective in updating and enhancing the framework is to address the significant changes to business and operating environments that have taken place over the past 20 years.
The 2013 Framework creates a more formal structure for designing and evaluating the effectiveness of internal control by:
Using principles to describe the components of internal control — The 2013 Framework contains 17 principles that explain the concepts associated with the five components of the COSO Framework:
1. Control environment;
2. Risk assessment;
3. Control activities;
4. Information and communication; and
5. Monitoring activities.
In addition, the 2013 Framework outlines a more formal way of designing and evaluating internal control in accordance with the principles.
We work with organisations to enhance the effectiveness, quality and implementation of their internal control framework. Our services include:
Assess the company’s readiness to demonstrate compliance with the COSO II internal control framework. Key activities may include:
1. A current state analysis review.
2. Provide advice and recommendations on potential gaps; and
3. Assist with remediation efforts.
Risk Assessment, Quality of Information, and Monitoring Activities
Provide advice and recommendations on the following key topics/concepts emphasised in the revised Framework:
1. Risk assessment, including enhanced focus on fraud risk assessment;
2. Evaluating the integrity and quality of information;
3. Monitoring and related oversight of key activities performed at the third-party service providers; and
4. Precision of higher level detective/review type controls activities (e.g., ongoing monitoring and/or separate evaluations performed) and use of analytics in the context of monitoring.