Business Risk Management Ltd Logo
Business Risk Management Ltd

        Public Courses
        Internal Audit
Risk Benchmarking - Enterprise Risk Management
Risk BenchmarkingThe following describes the approach and methodology for undertaking a risk management benchmarking exercise

The risk management process will be compared with and measured against world wide best practice and international risk management standards

The ability to manage significant risks effectively is an increasingly critical success factor for all organisations. Badly informed or poorly executed risk management, on the other hand, can easily spell disaster

As each month passes the importance of risk and assurance increases or so it would appear form the ever-increasing coverage being given to the subject. The result is that risk management has been catapulted from being a useful tool to become the very pulse of the organisation and the yardstick by which its management is judged.

The benchmarking exercise will assess all aspects of the risk management process by reviewing documentation, reports etc and interviews with key personnel

1. Risk Management Strategy and Approach

  • Evaluation of the strategy against best practice
  • Communication and understanding of the strategy
  • Risk management standards adopted
  • Risk management terminology used
  • Definition and understanding of risk appetite
  • Linkage to Corporate and business objectives
  • Extent to which opportunities are encompassed
  • Link to surprises and near misses
  • Inclusivity of the process
  • The Risk management framework
  • Approach adopted to sell the benefits to management
  • Benefits projected

2. Risk Identification and Evaluation

  • Methods used to identify risk
  • Sources of risk
  • Risk definitions – including use of inherent (gross) and residual (net) risks
  • Categories of Risk and how determined
  • Risk workshops – approach used
  • Sifting and clustering he risks – approach used
  • Use of scenario planning
  • How have more complex risks been assessed? egg Monte Carlo simulations and Bayesian Networks
  • Measuring the impact and the likelihood of occurrence of each risk
      • Approach adopted
      • Risk matrix – evaluation against best practice
      • How has the approach ensured consistency
      • Ease of understanding by managers using the process
      • Reliability of the information gathered

Risk Benchmarking3. Assessment of Risk Mitigation

  • Approach adopted – workshops or other approach
  • Method employed to assess risk mitigation
  • Identification of risk exposures
  • Determination of exposures (the 4 Ts - terminate, tolerate, treat or transfer)
  • Establishment of action plans.
  • Risk treatment analysis – how have the cost/ benefits of dealing with exposures / exploiting opportunities been assessed?

4. Output from the Risk Process

  • Risk register – method adopted
  • Extent to which risks have been identified at the appropriate level
  • How has consistency been ensured
  • Approach adopted to deal with anomalies
  • Risk owners – how have these been determined
  • Flagging interdependencies – if one risk treatment is changed the other party or parties impacted need to be notified. How has this been dealt with
  • Reports for Senior Management
  • Board reporting to review progress in addressing the exposures – method adopted
  • Approach adopted to ensure new risks identified and included
  • Are annual statements required by risk owners? – What is included?

5. Embedding the Risk process

  • How have corporate risks been linked into the Strategic planning process
  • Has the process been adopted across the organisation?
  • Have all functions embraced the process?
  • How have operational risks into the business planning process
  • Approach adopted for risk tracking
  • How has the decision making process been influenced by the adoption of the formal risk management process?
  • What benefits have been delivered?
  • What changes to business processes have resulted?
  • Linkage to Performance management – method employed
  • Has the risk process changed the culture in any way?
  • How has the momentum been kept up
  • Integration of incident management
  • Integration of Business Continuity planning
  • How has the risk programme impacted priority setting?
  • Have risk champions been identified via the process?
  • How has the process been audited?
  • Next steps planned

6. Interviews with key personnel

  • If practical, short interviews (20 minutes) with key decision makers i.e. the Chief Executive, other Directors and Chairman of the Audit Committee should be arranged

7. Report

  • A comprehensive report identifying the strengths of the current process and opportunities for improvement will be prepared
Business Risk Management Ltd. All other trade marks acknowledged.
Privacy Statement. Using the products and services of this site confirms acceptance of our Terms and Conditions