Risk Management

Risk Management

A business is impacted by numerous internal and external factors which affects its operations and profitability. A recent example of this has been the outbreak of Covid-19 coronavirus which has had severe bearing on businesses across the world. While it is not possible to eliminate the risk, it can be mitigated through a systematic risk management framework. While the manner and structure may vary, in today’s environment every business- be it a grocery shop or an MNC- requires a robust risk management framework.

It is also pertinent to note that while the Companies Act, 1956 did not contain any mandatory provisions relating to Risk Management, the Companies Act 2013 has specifically defined responsibility for various stakeholders, namely, the Board of Directors, Audit Committee and the Independent Directors in relation to Risk Management. SEBI’s guidelines also require the companies to lay down procedure to inform Board Members about Risk Assessment and minimization procedures.

Depending upon the requirement of the organisation, our risk management services involve:

1. Risk Assessment and Review

Different organisations have to deal with different kinds of risks. Assessment of Risk encompasses brainstorming sessions with management, business owners and process owners to understand the processes and risks involved in these processes. Here, the role of a risk manager is pivotal as it helps the process owners in visualising risks that they might not be aware of.

Identified risks can be classified into- Enterprise Level Risk and Operational Risk. Enterprise Level Risk are such risks which can severely impact the operations and profitability of the organisation. Few examples of such risks include dependency on a single vendor for supply of an essential commodity, physical risk such as fire, government policies, etc. Operational Risks are the risks associated with a particular operation and generally have impact of that operation only. For example, risk in Human Resource Department can include high iteration rate, bogus employees, delay in processing of salary, non-compliance with labour laws, etc.

At Shiv & Associates, we have a team of risk managers who have wide range of experience in Risk Assessment in India as well as outside India. Our methodology of Risk Management involves-

1. Identification of Risk- It involves understanding business environment and business processes and identifying key factors which can impact the operations of the organisation.
2. Assess the Risk- Merely identifying risk shall be incomplete, unless magnitude of risk is also not assessed. Risk assessment is based on two factors- probability of its occurrence and impact of its occurrence.
3. Control the Risk- This involves development of processes and controls to mitigate the occurrence of the risk and its impact.
4. Review of Controls- Risk Management is not a one-time activity and it is necessary to keep reviewing the controls in place for their effective and efficient working.

2. Drafting of SOPs

For an organization to grow and maintain the standards of quality, it is imperative to have Standard Operating Procedures (SOPs) defined for its processes including operations, HR, finance, procurement and marketing.

At Shiv & Associates, we combine our experience of working closely with businesses across the sectors to draft SOPs for businesses and assist them in implementing the same. Our SOPs development methodology is based on risk assessment as we try to inculcate all necessary controls in the SOPs for mitigating the risks. Another important aspect of our methodology is due weightage being given to change management whereby any change is business processes are managed without causing disruption to any of the stakeholders.

3. Implementation of Internal Controls

Every company like to believe that its employees and management are above reproach and would never do something to harm the organization. However, it is also a wise business move to have systems in place to ensure things are running smoothly and there aren’t any issues. Internal controls are procedural measures an organization adopts to protect its assets and property. Broadly defined, these measures include physical security barriers, access restriction, locks and surveillance equipment. They are more often regarded as procedures and policies that protect accounting data. company records, cash and other assets.

Our team at Shiv & Associates has wide experience of assisting organisations in implementing internal controls. While implementing Internal Controls, our focus is on both preventive and detective controls. Preventive controls are designed to prevent errors, inaccuracy or fraud before it occurs. Detective controls are intended to uncover the existence of errors, inaccuracies or fraud that has already occurred.

Few common examples of controls are

• Preventive Controls

•  Segregation of duties
•  Authorization mechanism
•  Computer password and Access Control
•  Physical Security Barriers
•  Employee Screening and background check

• Detective Controls

• Audits
•  Reconciliation of Bank Accounts
•  Physical Verification of Inventory
•  Third Party Verifications and Balance Confirmations
•  Independent Evaluation and Certification