Fraud Risk Management in the Current Age with Prem Kumar
The Psion Insights' internship programme builds students capabilities through key experiences and...
Our market climate is continually changing, technologies are advancing, regulations are updated, competition is increasing, and demand is evolving. Effective risk management enables business and individuals to adapt to these changes and respond to new market conditions.
Recent headline events include the Volkswagen emissions deception, Wells Fargo fraudulent sales practices, and Dwolla's penalty from the Consumer Financial Protection Bureau (CFPB), illuminating powerful motivators for vital risk management programs. Key to a robust plan is reducing stressful and catastrophic surprises and having effective mitigations measures in place.
For example, when Plains All American Pipeline failed to detect corrosion in its pipeline, the result was a 3,000-barrel oil spill and millions of dollars in fines. Deterioration remained under the radar when the company did not assign adequate inspection resources and did not maintain appropriate processes and systems to avoid problems from progressing to emergencies.
However, best practices for risk management should have supported standard procedures in the company, and regular assurance would have helped prevent the disaster from occurring.
Complying with regulators like the SEC and CFPB
The Securities and Exchange Commission (SEC) is a U.S. government agency that oversees securities transactions, activities of financial professionals and mutual fund trading to prevent fraud and intentional deception. The SEC consists of five commissioners who serve staggered five-year terms. And the Consumer Financial Protection Bureau (CFPB) is a regulatory agency charged with overseeing financial products and services that are offered to consumers. The CFPB is divided into several units: research, community affairs, consumer complaints, the Office of Fair Lending, and the Office of Financial Opportunity.
Dwolla, a small private e-commerce and online payment company, was found by the CFPB to be guilty of risk management negligence for inadequate data security practices. The catch is that Dwolla did not suffer a data breach, and none of its customers was compromised. The CFPB fined Dwolla $100,000 as part of its increased focus on companies' existing prevention strategies.
Regulators are no longer merely targeting companies that have encountered risk management incidents but are looking at the risk management framework and its implementation. The approach is likely to have been adopted to build greater resilience in a companies business model and ideally ensure fewer incidents occur. Companies need to pursue strategic approaches rather than expect to get through.
An independent peer-reviewed report, "The Valuation Implications of Enterprise Risk Management (ERM) Maturity" published in the Journal of Risk and Insurance, has found that companies with mature ERM systems (as described in the RIMS Risk Maturity Model) will obtain a 25% corporate valuation premium over those without.
Risk management does not have to be a burdensome addition to day-to-day responsibilities. It can support controlled simplification, increase operational transparency and reduce the impact of adverse events. A simpler and more resilient business model allows more resources to be spent on value-added activities, such as product development and client relations.
Checklist for evaluating your risk management efforts
A better question than "Does my organisation perform risk management?" is "How effectively does my organisation identify and mitigate risks?" The following checklist outlines characteristics common to effective risk management programs. Your organisation should prioritise development in these areas.1. Efficient governance of risk management
In their position of risk oversight, boards are responsible for the material impact of the risk, whether the cause is at the executive level or on the front lines. The SEC considers negligence, which holds the same penalty as fraud, to be not knowing about a material risk.
Risk assessments tend to answer more than high-level questions. Efficient reviews drill into risk events, discover the root cause, or challenge and "drive" risk mangement. Periodic and repeatable risk assessments should be aligned to the inherent risk in the operating environment and
Risk appetite is a high-level statement that acts as a reference to strategic decisions. It should be followed by its quantitative cousin, risk tolerance, to be actionable. Risk tolerance is a vital monitoring technique for crucial performance targets and risk metrics.
5. Centralisedrisk monitoring and control activities
Risk managers need to do better than design systems to identify risks and respond appropriately. A crucial third component—monitoring—is the verification of the effectiveness of risk management. There are a few essential points to bear in mind to make surveillance effective:
To continue financing the companies' risk management programs, boards need evidence that these programs are successful. Before reporting to the Board, risk managers can ask two fundamental questions:
These items are just a starting point for an analysis of your organisation's program.
Can you run a project without project management? it was unnecessary a few decades ago. However, in...