Risk Management is a fundamental part of any modern governance structure. Understanding risks allows organizations to set their risk tolerance levels and implement required internal controls to mitigate these risks and help ensure the organization can meet its strategic objectives.
Samson has significant experience providing audit and advisory services related to risk management and internal controls at the strategic, project, and operational levels in areas such as finance and IT.
In dealing with various types and sizes of Recipient organizations for your Transfer Payments, you want to ensure that you can limit or manage the financial risks related to your projects or programs. We can help by offering:
ERM, also referred to as integrated risk management (IRM), is a process undertaken by an organization to mitigate financial, strategic, operational, and other risks that could have an adverse effect on an organization.
Board members, senior management and leaders in government organizations have a responsibility to be involved in overseeing the management of risks for their organization and to ensure that a robust risk management infrastructure is established and functioning well. Organizations don’t exist to manage risks. They exist to achieve their strategic objectives.
It is sometimes said that “it is difficult to prove the value of risk management activities”. However, it is like buying insurance – you don’t need it until you need it! Strong risk management programs assist organizations in either avoiding risks and their associated financial, operational or reputational exposures, or in being adequately prepared for the risks they will incur.
There have been many spectacular corporate failures over the years (e.g., Enron, Bre-X, Lehman Brothers, Nortel) and these organizations didn’t plan to fail! It is likely that they either did not identify, understand or manage the risks that eventually destroyed their organizations or they were taking risks beyond their organization’s risk appetite.
ERM/IRM Support – How We Can Help You
Our team members have significant experience in designing, implementing and managing robust risk management governance and operating structures. We can work with you in the following areas:
Internal control is designed to assist organizations in achieving their objectives. Monitoring of controls is an ongoing process to periodically assess and sustain the management of internal controls over time in support of continuous improvement.
In the past ten years, Samson has supported its clients in reviewing their significant financial processes and controls, carrying out assessments of the effectiveness of the internal controls in place for key business processes, and conducting ongoing monitoring for all three areas:
The approach proposed by Samson is based on the COSO framework and considers key policy instruments issued by the Treasury Board Secretariat (TBS) for Federal Government Departments and Agencies.
In most organizations, strategic risks are driven from a top-down approach as part of the corporate risk profile process, and cyber/IT is almost always identified as a strategic risk. On the other hand, the IT team may be conducting detailed technical risk assessments that are often difficult to reconcile with the top-down perspective.
We have developed cyber risk management frameworks that provide the foundation to bridge the top-down strategic risk view with the bottom-up technical view by aligning the available cyber risk information.
Risk workshops are an excellent way to gather risk and control information in a controlled, yet free-flowing session.
We have experience leading dozens of risk workshops with:
We use anonymous risk voting technology that allows perspectives to be voiced in a controlled manner, and we gather quantitative and qualitative risk information through a repeatable process.