Risk management

Achieving business objectives is central to the success of an organisation. The risks faced by the organisation must be identified and managed in order to achieve the objectives. Internal auditors assist the board and management by examining the effectiveness of the risk management processes.

Most managers consider they are well aware of their risks and manage them satisfactorily. However, ask those managers 'what is your process to ensure that you have identified all your most significant risks and evaluated them?', and the answers are not as confident. For whilst risk identification has improved, many organisations have made little progress in evaluating those risks effectively. A reliable quantification of risk is necessary to:

  • Understand the risk beyond a very superficial level
  • Determine if the risk is acceptable (balanced by the prospect of reward)
  • Determine the optimum level of control
  • Understand how different risks interact and aggregate with each other.

By applying our experience of risk measurement, systems and controls we are well placed to help organisations that wish to move beyond the first steps in identification and evaluation to more effective methods and better risk management.