Risk management is a process in which organisations identify, assess and mitigate risks that could potentially affect their business operations. Corporate risk management refers to all of the methods that a company uses to minimize financial losses. Corporate risk management is as much, or more, about ensuring success in the face of uncertainty as it is about testing against possible failure scenarios. It is more positive to deal with deviation from expectation than to adopt the negative mindset of what to do if the worst happens.

Risk is a certainty in life and business, so it needs to be positively managed.

Your organisation needs to consider any possible event or circumstance that could have negative influences or outcomes. Its impact can be on the very existence of the company, the resources (human and capital), the products and services, or the customers of the enterprise, as well as external impacts on society, markets, or the environment.

Lines of Enquiry

Regular audits must be undertaken, with the following lines of enquiry:

Strategic: test against failure to deliver the organisation's goals
Governance, Commercial, Partnerships, Internal Impacts, External Impacts

Operations: test against failure to develop and adopt appropriate operational processes and controls
Process Design, Process Operation, Information Management, Business Continuity

People: test against failure to appropriately resource our company and to take care of our people
Appropriate Resourcing, Skills & Knowledge, Performance & Reward, Diversity & Inclusion, Security & Safety

Customer Care: test against failure to appropriately protect and retain our partners and customers
Customer Knowledge, Customer Security, Transparent Dealings

Technology: test against failure to provide reliable and performant applications and infrastructure, and devices on which the services are performed to meet the operational, regulatory and reporting needs
Adequacy, Availability, Performance, Recoverability, Support

Cybersecurity: test against failure to protect the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorised access.
Security, Audit

Regulatory: test against failure to demonstrate compliance with regulatory requirements
Regulatory Reporting, Regulatory Authorisation, Regulatory Implementation, awareness of Regulatory Change

Legal: test against failure to demonstrate compliance with legal requirements
Partner Contracts, Supplier Contracts, Mergers and Acquisitions, Intellectual Property, Indemnities, Confidential Information, Statutory Reporting

Finance: test against failure to meet the operational, regulatory and reporting monetary needs
Treasury, Cash Flow, Reconciliations, Financial Reporting

Financial Crime: test against the organisation becoming a victim of financial crime or allowing it to happen to others
External Fraud (money and/or data), Money Laundering, Asset Security

Physical: test against failure to plan for and protect against events such as fire, flooding, power loss or crimes like staff assault, terrorist attack, theft and vandalism
Buildings, Equipment, People, Recoverability, Security, Support

Reputation: test against failure to protect the company's good name in the marketplace and the consumer base
Governance, Communication, Disaster Recovery, Business Resumption, Customer Complaints

Leaders should work closely with internal and external auditors. All findings must be discussed, agreed and regularly tracked to resolution.

Corporate risk management is a major topic. This article is a short reminder of what needs to be considered.


Risk Led Leadership
Leading your company – setting your objectives, making commitments, and managing your organisation’s performance whilst being aware of the threats and opportunities that affect these outcomes is risk-led leadership. We explain our PACED approach to move into an uncertain future with confidence.