Over the years, business globalisation and the IT revolution have exposed businesses to a wider variety of risks. The threat of terrorism and an increased awareness of environmental responsibilities have also helped to bring formal risk management to the forefront. Organisations these days can only afford to take a more proactive, measured and predictive approach to enterprise risk management.
Standards for use within Australia and New Zealand were constituted to enhance corporate governance. The AS/NZS 4360 Standard on Risk Management, launched in 1995, was the first Risk Management standard and is gaining more recognition worldwide.
Within Australia, at least two major mining enterprises with significant Australian operations have incorporated the AS/NZS 4360 process into their global risk management programs to cover their operations internationally.
In fact, a certain level of risk management is now required of all Australian companies, whether SME or MNE. Recent changes in NSW to the Occupational Health and Safety Act enforce the following:
"The employer is required to identify hazards and assess risks arising out of the activities of persons - not just employees at work - and to put in place a system which either eliminates or controls the risks"
US legislation (Sarbanes-Oxley 2002) also requires companies to take a much more formal and proactive approach to Risk Management.
Directors and managers are made accountable for health and safety failures in their corporations (http://www.workplaceohs.com.au, 11/7/2004). This is evident from legal proceedings, in which the courts show more vigilance and less tolerance when it comes to companies implementing appropriate formal Risk Management. Cases such as Enron, Tyco and WorldCom in the US are international examples. Within Australia, Bell Scaffolding Aust Pty Ltd has been ordered to pay $1.64m, and Leighton Contractors $525,000. NAB is another example of how failures in Risk Management can cost a company dearly, both financially and from a public relations perspective.
'Don't sweat the small stuff' - management actions need to be diverted from the trivial and the hype to identify and manage the real threats and risks to the organisation.
Risk Management is about identifying and mitigating risks at an early stage. Therefore, focus should be placed upon risk identification as well as risk analysis and risk evaluation. This requires constant communication between all members of the company, an essential step in Enterprise Wide Risk Management.
Corporations need enterprise-wide visibility of risks and their controls. As such, a simple but effective risk management tool with a comprehensive knowledge base should be in place to allow an OnDemand assessment of risks, their causal pathways, controls, contributing factors, emergency responses and outcomes. This should always be complemented with a flexible and meaningful real-time reporting tool.