Вы находитесь на странице: 1из 32

6 6


BY: Beverly Dayo, Reinier

Lacsamana, Val Acebuche, Derek Lee
and Eidrian Ocfemia
Ú hatƞs at risk if you donƞt successfully
monitor your business risk is, quite
frankly, business failure ơ ƛCFO Michael
Mclamb, Marine Max University

In business, risk management is

as important as profit

Getting up a comprehensive risk management
reporting system is mandated by both GECURITIEG

GEC Memorandum Circular No.2

BGP Circular No. 238

Code of Corporate Governance,
the internal control responsibilities Powers and authority
of the board include organizational
and procedural control supported of the board of
by an effective management
information system and risk directors.
management reporting system.
Gpecifically, this responsible is
vested to the audit committee. 2

Risk management is emerging as one
important competencies needed by the
Directors and top management must consider
adequate knowledge of risk management.
Corporations with poor risk management
leave their future no chance because they do
not spend valuable time scanning the risk

1. Establish a separate risk management committee
chaired by a director.

2. Ensure that a formal comprehensive risk

management is in place.

3. Evaluate if the formal system includes the

necessary elements.
ÿ. Evaluate the effectiveness of the various steps in
assessing comprehensive risks faced by the

5. Determine if management has developed
applicable risk management strategies and assess
their effectiveness

è. Assess if management has designed and

implemented risk management capabilities.

r. assess managementƞs efforts to monitor overall

company risk management performance and
continuously improve capabilities.

8. Ensure that the best practices and mistakes are
shared by all.

9. Regularly check level of sophistication of the

companyƞs risk management system.

10. Use expert advice as and when necessary.

To ensure that full attention is given by the board on
risk management, a committee headed by a director
with high level of risk management experience must
be formed.

Creation of Risk Management committee at board level

will clearly demonstrate the boardƞs commitment to an
integrated, company-wide risk management.

The following probing questions can help
validate a existence of a separate
management committee:

ƥ Has there been a resolution approving the set

up of a separate management committee?
ƥ Does the director chairing director chairing the
committee have adequate knowledge and
experience in risk management?

To ensure that there is a formal risk
management system adopted by the company.
A formal system provides clear vision and
objectives that are communicated throughout
the organization and a feedback mechanism to
ensure that all employees are fully aware of
the boardƞs sincere drive for an effective
company-wide risk management system.

The following questions may assist directors in
accessing whether their companyƞs formal risk
management system is formally structured from
the board level:
ƥ Has there been a board resolution formally adopting a
comprehensive risk management system?
ƥ Has the board defined the companyƞs tolerance to risk?
ill it be communicated down to the lowest level of the
ƥ Has the companyƞs direction and attitude towards risk
been defined?
ƥ Has a policy been set to disclose the companyƞs risk
management approach as part of the notes to the
companyƞs annual financial statements? mm
A Properly Documented and sound risk
management system should include the
following key elements.
Goals and Objectives
Risk Language
Organizational Gtructure
Risk Management Process




Consist of three important steps namely
Identifying, Gourcing, and Measuring.
These steps are performed by process
owners, production managers, treasurers,
finance officer, marketing managers.

Are all possible risk accounted for?
Of all the risks faced, which ones are desired?
Are there undesirable risks that we can accept?

Are identified risks driven by external factors?
hich identified risks are driven by internal factors? And which process
or unit do they originate?

!" 6
How significant are the risks in terms of impact on capital, earnings, cash
flow, or other key performance indicators and reputations?
How likely will the risk occur? mÿ


Using a common language results in a

meaningful process and facilitates risks
analysis leading better information for
decision-making and knowledge sharing.
Once identified, risks are then plotted on a
risk map in terms of their severity to the
business and their likelihood of occurrence.
  6  6   6 

  6 # are defined as the pure

risks associated with every business activity.

6   6 # are the remaining risks

after treatment measures have been
















   $6 "     
How is the risk identification procedure undertaken? By
workshop? By consultation? hat are the sources of
hen was the last risk review conducted? hat is the policy
on the frequency of review?
How are the identified risks analyzed? Are the likelihood and
consequence of risks determined? Are rating scales used?
How were the true nature of consequence and likelihood
determined? Are the directors and top management
consulted in this exercise?
Are the External auditors consulted regarding financial risks
identified by them during their annual audits?
06" ÚThe risk highlights all the
 possible risks identified,
prioritized and measured by
the risk management system.ơ
The infrastructure to manage
'() must include the process,
6* people, management reports,
"%" methodologies and systems.
6% MUGT ensure that the risk
management team uses tried
and tested methods and tools
to support their strategies.




6  ‰ 





M   "   


6  "      




ڏ  +6 "    ,

  +      -

 .     ơ

 / 0+   defines that risk management

capabilities to include processes, people, reports,
methodologies and technologies (systems and data)

The strategies drive the design of the processes, and
processes dictate the organization of people and skills
The reports are designed according to the information
needs of people involved.
The robustness of management reports is dictated by the
methodologies supporting them
And finally, the methodologies will not serve their intended
purpose if the necessary data are not available for analysis
and the requisite system is not in place to the process the
ù .     1 .  +  .     

r !!!!"#!$$%!%
)$%( (%,%,!'*)%&()-'!

Organization must therefore continue to innovate

their approaches in order to keep pace.
Risk management performance must be monitored
on an ongoing basis.
An independent review of performance, say by
professional consultants, could further help in
validating results.
There is no room for complacency and relaxation.



 $"     %

Is the performance monitoring process
ho has the primary responsibility in monitoring
hat are the ways adopted to monitor
performance, self-assessment, and use of
independent party?
Any action plan to improve risk management
capabilities? 0
Ú !,..-!)((! 
!+!!. -*''(%(







ouestions to test if best practices and mistakes are
disseminated throughout the organization:

Is there a directive form the board to organize a

communication structure for pooling knowledge and
lessons learned, and sharing expertise both within
and across business units and process?
Is there already an existing formal and informal
channels for a free top-down, horizontal and upward
communication of risk issues, intranet, websites,
group-wide, meetings, cross-functional teams, crisis
committee, bulletins, workshops?
hat role does top management play in establishing
an environmental that facilitates communication?
Risk management is a continuous process
of change.

Risk management is a journey driven from

the top of the organization.

In concluding this review, the directors can raise the
following lead questions to senior management:

here are we now?

here do we want to go in the continuum?
How do we get to the next level?
hat are the obstacles along the way?

)'$ !+"

levels Description
5 Ultimate risk sophistication.
ÿ Heightened maturity.
3 Much improve understanding
throughout the organization.
2 Awareness of need. Getting active.
1 Reactive.

m !/) &!! 0.
Managing risk is not an easy task. It is a
science by itself and such needs the
specialized skills of external experts.
Risk management needs creativity as
well as ability to convert risks to
Professional consultants can help your
company to move to E RM (Enterprise
ide Risk Management)