
Enterprise Risk Management (“ERM”)

In our opinion, a business is confronted with a broad array of uncertainties that could pose major risks to the business and its operations. We therefore define risk as the uncertainty of future events for the business. One common example is the collectability of outstanding receivables: a business may have hundreds or thousands of outstanding accounts receivable and will never be certain how many of them will end up becoming bad debts. Similarly, a business that requires a specific raw material commodity as the key ingredient for its product development cannot be certain what the price of that commodity will be a year later. Furthermore, for a business that is seeking approval of relevant permits and/or licenses, there is no guarantee that the permits and/or licenses will be approved. In short, it is almost impossible for businesses to predict the outcomes of certain events with exact certainty.

Our team specializes in assisting management in dealing with these risks: introducing risk mitigation measures, transferring risks to a different entity, or, on some occasions, accepting the risk as part of the corporate strategy. We can further provide relevant advice on contingency planning, the purchase of insurance, the development of financial analysis about risks, and other related aspects.

If you would like to know more about ERM, please download the PDF file below.

Our Internal Audit Services – ERM Approach

Our advisory services in the aspect of Enterprise Risk Management (“ERM”) comprise the following:

  1. Conduct an independent review concerning the ERM of the entity-wide enterprise;
  2. Conduct an independent assessment of the internal control (“IC”) of the company. This assessment covers financial, operational, and compliance aspects, the latter including laws and regulations such as the continuing connected transactions (“CCT”), the Corporate Governance (“CG”) Code, and other disclosure requirements, as well as company policies and standard operating procedures, and other agreed-upon procedures tailored to specific aspects.

The deliverables of the above review and assessment include the outcome of the ERM framework, coupled with relevant recommendations presented in an action plan that sets out the proposed activities step by step.

The implementation of the relevant procedures will involve approaching the parties relevant to ERM, which include but are not limited to the following:

  • Senior members of the company’s management team;
  • Company’s operational teams;
  • Audit and/or Risk Management Committee (if any);
  • Other professionals such as the external auditors.

The interactions with these parties include inquiries, interviews, and surveys that aim to gather the results of the management or risk committee’s assessment of risk. Communication with key parties will be maintained throughout the different steps of the review, outlined below:

Step 1 – Planning and facilitating risk discussion

The scope of work shall involve:

  • Confirm the scope and risk management objectives via discussion with key stakeholders such as the board of directors and/or management;
  • Conduct an initial review of the company’s risk universe in the course of identifying the extent of relevant risks, such as financial risk, operational risk, and regulatory compliance risk;
  • Discuss with the departmental or business unit leaders, who are ultimately the owners of the risk, to find out existing risk management policies and support systems and to better understand key risk areas within each department or business unit.

The preliminary discussions aim to identify, evaluate, and verify the risk issues and the relevant facts gathered from different parties.

Step 2 – Risk Assessment

  • Within each risk category, discuss with management or relevant parties to explore the significant or catastrophic impact the risks have on the company;
  • Based on the initial inputs, categorize and prioritize the risks.

Step 3 – Review and Discussion with Management

  • Discuss the prioritized risks with the key stakeholders such as the board of directors, audit committee, business unit, or departmental leaders, and obtain their views and feedback to confirm the findings;
  • Update the list of identified risks if necessary.

Step 4 – Action Plan

  • Evaluate the company’s existing position, and assess how the existing systems and controls could manage the identified risks as well as potential risks;
  • Discuss with relevant key stakeholders on areas in which the identified risks may not be adequately controlled, and assess the responses or decisions from the key stakeholders;
  • Maintain close contact with the company’s key stakeholders to follow up on the execution of relevant improvement actions.
