Risk managemet at Ernst & Young

Ernst & Young has created a holistic, systematic and integrated way to handle business risks and opportunities. The purpose is to make the companies better prepared and more effective in handling the uncertainties which are related to execution ofthe company’s business strategies.

Ernst & Young has found that QualiWare Lifecycle Manager is the best tool to integrate risk assessment and risk handling into a company’s key processes in such a way that a new platform for improvement of the processes and added value is created.

Today there is more focus than ever on corporate governance, risk management and ethics. The rapid globalization and the increased complexity in the business environment also means that the demand for risk management effects a much bigger number of businesses than is was the case just a few years ago.

The demand for risk management can also have personal implications – the chairman of the board, the president, or the auditors of a companyc an in certain situations be held personally responsible according to the Sarbanes-Oxleycodex, which applies to US-listed companies.

With Risk Management Ernst & Young has created a universe which not only encompasses incidents which influence the realization of the company goals in a negative way. The model also looks at the probability of an incident and how the incident can have a positive effect in creating new business.

RM identifies risks as well as newbusiness opportunities

Ernst & Young wanted to create a Risk Management model that allows companies to combine their work with risk assessment and risk management with profit generating activities or competitive advantages such as process improvements and increased customer service. Implementation of risk management can create the platform for other activities, such as: 

  • a clear common understanding and awareness within the organization of the company’s management and evaluation of risks, 
  • better decision making is achieved through a common understanding of risk levels and ongoing monitoring of risks across businessunits.
  • Improved processes for systematic identificationand evaluation of risks as well as exploitationof new business opportunities
  • Improved internal controls in all processes• Improvement of corporate governance viabetter risk management and reporting processes 
  • Prudent documentation of the company’srisk management activities.

How to start with risk management

There are a number of basic questions which aregood to answer up front, when the management of a company considers employing a risk management strategy:

  • Have the management clearly defined what risks the company wants to take on - the risk appetite.
  • Do we know the major risks and have they beenprioritized in relation to their probability andpotential impact on the execution of the company’sbusiness goals?
  • Do we have sufficient handling of risks – e.g. areownerships, controls, reporting etc. in place and do we have a suitable risk management strategy?
  • How efficient is the risk management, do we have overlaps or gaps between the different lines of businesses?
  • How robust is our risk management infrastructure.Do we have sufficient politics, procedures,training, etc. to adapt to and handle a changed risk environment?

QualiWare Lifecycle Manager –the right choice for RM

When a company initiates the work on Risk Management it is not limited to the financialaspects in the Sarbanes-Oxley codex only. It is important to see the major risks as an integrated part of the company’s business processes.

This is the background for the close co-operation between Ernst & Young and QualiWare. QualiWareh as since 1991 a leading position in development of IT-tools for use in process development and improvement. Ernst & Young has found that QualiWare Lifecycle Manager has the best facilities to support RM, e.g.:

  • A common methodology for graphic visualization and description of processes,
  • Communication with the company’s employees via intranet and Internet,
  • Flexibility to produce versions across businessunits and boarders 
  • All data stored in one common repository,so that changes only need to be made in one place 
  • Management of history and versions.