Highlights from the January 25, 2023 HBK Risk Advisory Services webinar hosted by William J. Heaven, CPA/CITP/CISA, SCSP, Senior Director; and featuring Tyler M. Gargano, CFE, Director, Risk Compliance and Controls
How to better understand risk in operations and how to be more efficient in addressing risk.
How risk is viewed across organizations:
Ultimately, managing risk comes down to having a strategy for identifying and dealing with risk.
Six main types of risk:
Financial risk: the likelihood of losing money on a business or sometimes an investment decision.
Operational risk: looking at flawed or failed processes, procedures, systems, and events that could disrupt operations.
Regulatory risk: focuses on a change in laws or regulations that could hurt a business or an investment by affecting the business, the sector, or the market.
Reputational risk: damage that can occur to a business when it fails to meet expectations.
Inherent risk: posed by an error or omission in a financial statement due to a factor other than a failure of internal controls.
Cyber risk: related to loss of integrity of information, available information, data, or controls in an operational system.
Approach to dealing with risk:
Develop a strategy: like updating policies and procedures.
Create an audit plan: What you should be doing by testing; your risk assessment will drive your audit schedule and scope.
Select tools and protocols, and manage, train, and assign auditors:
Conduct audits and produce findings and reports from the audits that will show leadership what is going on and whether expectations are being met or not.
Functional view of an organization:
How risk is viewed:
Not all risk is bad. There are risks you’re willing to take, such as older machinery, and risks you are able to take.
Growth can be created through risk assessments. They help you identify where you need tighter controls and understand what the future state of your organization can look like.
Understand your company’s appetite for risk, from minimal to high levels.
How to evaluate and identify risk:
Perform annual risk assessments of the organization’s functions/departments:
Viewing risk and the operational strategy is extremely crucial for success and will set your business apart. If you don’t know where your risks are, you’re setting yourself up for not achieving your organization’s objectives.
Companies applying for cyber insurance are asked if they do an annual risk assessment; they are not likely to get insurance without a yes answer.