Risk Management: A Holistic Approach

What is Risk Management? 

At its core, Risk Management relies on a risk- based assessment of processes and technology followed by the implementation of key and secondary control activities specifically designed to mitigate risk exposure for an organization, without hampering business operations.  

 

In today’s ever changing, fast paced, highly competitive business environment, a strategic and sustainable approach to risk management is essential. Given the extensive use of technology to support and enable all facets of a business, it is often daunting to even begin assessing and understanding risk.  

 

Organizations that begin their risk management processes looking for an off the shelf solution often find themselves in challenging, and potentially compromising situations. Often, these challenges can be traced to today’s highly interconnected business environment, wide ranging use of technology, and ever-increasing surface area exposed to risk. When organizations lack a strategic and sustainable approach to identifying and managing risk it often results in financial and/or reputational damage to an organization.  

 

How do I begin classifying and managing Risk?

Risk Management often begins with the development of a customized and comprehensive approach to managing business process risks, access risks, and IT Governance Risks. These three pillars of Risk Management are often defined by documentation known as a “Risk and Controls Matrix” or RCM. This matrix includes Business and IT controls designed to define risks in each of the key areas, as well as to provide the required compensating controls and risk mitigations. 

 

The right mix of these controls is highly dependent on the existing business processes, technology, and the application-based access governance options available to an organization. Diving deeper into the appropriate mix of controls, a dependency exists between the maturity level of risk management and governance processes in place. The balance of processes, technology, and controls influences how best to address risk exposure in the short, medium, and long term. The risk management process and controls framework are iterative and will improve over time with continued focus and refinement.  

 

What is the Risk Management Process? 

As an organization grows and transforms, the organization’s risk exposure evolves and transforms as well. Organizational risks that exist due to manual tasks and processes, may be mitigated through the introduction of new processes or IT enabled solutions. Additionally, the introduction and evolution of these solutions may also introduce new risks to the environments. Managing the evolving risk effectively and efficiently is key to enabling the necessary governance and assurance over business processes, financial reporting, financial transactions, and data integrity. These items are key to enabling the business to operate and grow successfully.

 

A strong risk management and governance framework includes the following key areas: 

  • User Access within Applications
    • How is access granted to an application? How is that access monitored and reviewed?
  • Detection of Separationof Duties (SoD)
    • What conflicting activities pose a risk to the organization? How do we detect risk in our environment from SoDs?
  • Monitoring Sensitive Access 
    • What business and IT activities pose the greatest risk? How do we monitor users with this type of access?
  • Business Process Risks
    • How are changes to vendors and suppliers managed? Are they reviewed? How are account reconciliations performed?
  • Regulatory risks
    • How is PII (Personally Identifiable Information) protected? How are regulations such as HIPPA, enforced and monitored?
  • Asset Security Risks
    • Are checkbooks kept under lock and key? Are sensitive data assets secured behind locked doors?
  • Change Management Risks
    • How are organizational and process changes communicated and managed? How are decisions on changes made and agreed upon?

 

Many growing organizations manage these risks with highly manual processes and controls. This is often the result of implementing a short-term, reactionary approach rather than following a strategic integrated and well formulated framework. A reactionary approach often results in a band-aid approach and rarely addresses the underlying issues, resulting in inefficiencies, increased risk exposure, and time intensive manual mitigation techniques.  

 

In order for an organization to effectively manage risk a unified and logical approach is necessary. Therefore, classifying and developing an understanding of the underlying drivers of risk within your organization is a recommended first step to a challenging journey. Once risk is assessed and understood, it is recommended to develop a holistic approach to managing that risk and ultimately, develop a tactical guide to mitigating and reducing the overall risk exposure.  

 

How can we help? 

 

At Altum Strategy Group, our Risk Management Professionals build risk management programs around a confluence of people, process, and technology. We work with organizations across all industries, running a wide range of ERP packages and applications to develop and implement sustainable strategies drive efficiencies, fast results, and ultimately lead to a secure, compliant, and sustainable governance program. In order to get a handle on this problem and develop a plan of action to reduce overall risk, Altum suggests to begin with an assessment. By performing a review of the current state, a picture begins to form highlighting areas where risk exists and helps define priorities for mitigating and reducing the identified risk. Altum takes a holistic risk-based approach to design and implement these wide-ranging programs. In order to achieve this delicate balance an invested, experienced, and knowledgeable business partner is essential to create a strong centralized message, develop sustainable governance processes, and support it all with the right technology solution. To find out more, reach out to our skilled professionals to discuss how Altum Strategy can help your organization.  

 

Contact Us for More Information