Watch: Identifying and Managing Risk in Your Organization

Date January 25, 2023

Highlights from the January 25, 2023 HBK Risk Advisory Services webinar hosted by William J. Heaven, CPA/CITP/CISA, SCSP, Senior Director; and featuring Tyler M. Gargano, CFE, Director, Risk Compliance and Controls


How to better understand risk in operations and how to be more efficient in addressing risk.

How risk is viewed across organizations:

Ultimately, managing risk comes down to having a strategy for identifying and dealing with risk.

  • Approach risk conversation from a perspective of how you can work to mitigate risk in day-to-day operations.
  • Use a control-based approach to locate risk and determine how to better combat it.

Six main types of risk:

    Financial risk: the likelihood of losing money on a business or sometimes an investment decision.

  • What do your financial statements look like and where is the risk in your finance department?
  • Can result in capital losses for individuals and businesses.
  • Includes credit, liquidity, and operational risks.

    Operational risk: looking at flawed or failed processes, procedures, systems, and events that could disrupt operations.

  • Are people using systems properly, as intended?
  • Are people trained and up to date on business operations?
  • How can risk affect operations and how do you prepare for those specific instances that can affect your business?

    Regulatory risk: focuses on a change in laws or regulations that could hurt a business or an investment by affecting the business, the sector, or the market.

  • Is especially important if you’re operating in different states or even internationally.

    Reputational risk: damage that can occur to a business when it fails to meet expectations.

  • How you are perceived from stakeholders to investment to clients.
  • Can be mitigated through policies and procedures that ensure strategy is adhered to daily.
  • Ongoing monitoring of what’s going on in the organization is critical.

    Inherent risk: posed by an error or omission in a financial statement due to a factor other than a failure of internal controls.

    Cyber risk: related to loss of integrity of information, available information, data, or controls in an operational system.

  • In every aspect of the business.
  • Many problems occur from phishing scams, clicking on something that shouldn’t be clicked on.
  • How many systems are you operating? Do you have people working remotely accessing your systems?
  • Data breaches increased more than 40 percent in 2022.
  • Hackers are getting more sophisticated in how they reach out to employees.
  • Phishing tests are important as 80 percent of breaches are initiated by phishing emails; employees are the weakest link in the chain.

Approach to dealing with risk:

    Develop a strategy: like updating policies and procedures.

    Create an audit plan: What you should be doing by testing; your risk assessment will drive your audit schedule and scope.

    Select tools and protocols, and manage, train, and assign auditors:

  • Do your people know what’s expected of them in performing tests for risk?
  • Consistent training is important.
  • Think about going to a more risk-based than operating environment.
  • External consultants/auditors bring expertise the company doesn’t have.

    Conduct audits and produce findings and reports from the audits that will show leadership what is going on and whether expectations are being met or not.

  • Share with stakeholders; main driver is communications.

Functional view of an organization:

  • Operations, Finance, Sales and Marketing, Information Technology, Human Resources, and Risk Management – all work together, all rely on each other.

How risk is viewed:

    Not all risk is bad. There are risks you’re willing to take, such as older machinery, and risks you are able to take.

    Growth can be created through risk assessments. They help you identify where you need tighter controls and understand what the future state of your organization can look like.

    Understand your company’s appetite for risk, from minimal to high levels.

    How to evaluate and identify risk:

    Ongoing testing

    Perform annual risk assessments of the organization’s functions/departments:

  • Assessments are shaped by four primary factors: materiality of the amounts, complexity of the process, history of accounting adjustments/issues, and propensity to change.
  • Format assessment for how to test and approach risk management for the coming year.
  • Viewing risk and the operational strategy is crucial for success and will set your business apart. If you don’t know where your risks are, you’re setting yourself up for not achieving your organization’s objectives.

    Companies applying for cyber insurance are asked if they do an annual risk assessment; they are not likely to get insurance without a yes answer.
