What is Risk Management?
Risk will always exist in an organisation. It describes the possibility of threats occurrences, which consequently would prevent the organisation in achieving their objectives.
Risk Management is a logical and systematic method of identifying, assessing, treating, monitoring and communicating the risks with any activity, function or process that will lead an organisation towards an effective management of adverse effects and potential opportunities, and subsequently achieve the objectives
Why Implement Risk Management?
Implementation will help management in managing the risks, in line with requirement of the Corporate Governance policies, which require the Board of Directors to maintain a sound system of internal controls to safeguard shareholders’ investment and company’s assets. The benefits of implementing the risk management include:
- Achievement of the organizational objectives
- Better focus on business priorities, whereby it enables managers to focus the resources on the primary objectives
- Improve the financial and operational management by ensuring that risks are adequately considered in making decision
- Better understanding of business strength, weakness, opportunity and threat
- Ensuring adequate controls in processes
- Increase shareholders confidence
Objective of the Framework
The objective of this framework is to provide guidance to facilitate a structured framework approach to the risk management in Company.
Risk Management Committee
A committee should be set up ensure smooth implementation of the risk management process. It should report the Board of Directors (or representative) at least every 3 month. The committee should comprise representative from Operations, Finance, Human Resource, IT, Legal and Internal Audit departments.
The functions of the committee include:
- To agree on the procedures and reporting formats on the risk management processes
- To review the adequacy and effectiveness of the risk management framework
- To implement the risk management process
- To ensure that the Board and Management receive adequate and appropriate information (including the quarterly report), for review and decision making respectively.
Roles of Internal Auditors
The Internal Auditor will play a key role in implementing the risk management throughout an organization. The common roles of the Internal Auditor are:
- Raising awareness of risk management among managers and staff
- Produce the risk management framework
- Arrange and facilitate the committee meeting
- Arrange and facilitate the workshops (if necessary)
- Review all risk management processesCompile and provide report to the management