Risk Management Systems: The New Frontier


ccosgcsLarge companies have the resources and the incentive to implement risk management systems.  With the increase in compliance by medium and small-sized companies, chief compliance officers and internal auditors are developing and implementing risk management systems.  I have never been a fan of complicating or confusing compliance and risk management.  After all, risk management naturally belongs in the compliance program functions.  Creating a whole new risk management function separate from compliance makes no sense.

With this caveat on the structure and operation of a risk management system, I believe that companies should conduct risk assessment and management strategies.  When I use the terms risk assessment and management systems, I am referring to overall organizational risks, including business and operational risks, not a specific anti-corruption risk assessment.

A basic risk management system can be developed through an annual collaborative process which requires the participation of all senior management, as well as mangers in each business unit/product or service line.  Essentially, a senior risk management group should be charged with the responsibility of identifying the most significant risks facing the organization.

Members of the senior risk management committee should reach out within their respective units, divisions or other organizational unit and conduct a survey of management as to risks in their respective unit, division or organizational unit.  The survey can be conducted informally or with a written or electronic form.  Based on this information, the senior management representative should report back to the full senior management representative on the specific risks.imagesCA320AJU

The senior management risk management committee can share the information among the committee members, and then divide into groups to assess these risks and identify any others.  In the end, the senior risk management committee should develop a lengthy list of risks.  Working together, the committee should complete the process by preparaing a risk analysis list which includes the following elements:

  • A description of each risk
  • A measurement or ranking of the risk relative to the other risks
  • The assigned “owner(s)” of the risk
  • The policies and strategies for reducing/managing the risk
  • The expected outcome of such strategies

imagesCAEGN5HTThis risk assessment chart can be quite detailed and very helpful for organizing risk management strategies.  The owners of the risk should be evaluated on their performance in managing the specific assigned risk.

This risk management process is a continuous process.  Once the risk management strategy is developed and approved, the process should begin again for the next year.  It is a continuous process which inevitably leads to focused strategies to reduce risk and improvement of compliance and other risk management operations.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Michael Volkov, The Volkov Law Group | Attorney Advertising

Written by:


The Volkov Law Group on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.