December 11, 2014
The November 2014 Business Counselor Update also includes a new chapter (§§226:1 et seq.) covering the design and execution of risk assessments, which is another important element of any client’s overall governance program. The chapter includes a Master Form of a basic risk assessment questionnaire, discusses the role of risk assessments in the overall compliance process and describes how an effective assessment should be conducted. The Specialty Forms library includes risk assessment questionnaires covering a wide range of potential risk areas including human resources, information systems, operations, internal controls, business processes and adherence to guidelines promulgated for financial institutions.
All companies, regardless of their size and the industries in which they operate, are facing greater challenges with respect to identifying and managing the environmental risks that are related to their day-to-day activities. It is becoming routine practice for larger companies to create a corporate risk manager position and to have that position report directly to the chief executive officer.
Surveys indicate that risk management will continue to be a major concern for corporate executives in the years to come and the areas that are of most concern include corporate governance issues (i.e., compliance with an ever increasing number of complex laws and regulations and mandates included in court decisions); natural disasters (e.g., hurricanes, flooding and earthquakes) in the United States and in foreign countries where companies have substantial assets and/or are engaged in a high volume of business activities; higher levels of litigation that can result not only in liability for claims made against a company but also in substantial additional expenses to defend against the lawsuits even if the company is ultimately found not to be liable; physical infrastructure and facilities risks, including the rising costs of maintaining aging facilities and the potential damage to products, property and humans that may occur as the company operates over public roads and railways; and governmental regulation, apart from the corporate governance issues referred to above, that carries higher costs of compliance which will ultimately cause companies to raise the prices of their products and services and risk loss of market share to competitors.
Fortunately the increase in risk has been accompanied by the development of new tools to manage those risks. Even small companies can establish systems to collect and analyze information regarding potential events that may result in losses and insurance companies are working with their customers on enterprise risk management (“ERM”). In fact, a number of providers offer in-person and online courses on various aspects of ERM and companies should seriously consider having all of their top managers participate on a regular basis. Companies can also purchase sophisticated software tools that purport to provide integrated solutions for internal audits, financial controls management, risk management, information technology and governance/compliance. Among other things, the software allows companies to document, track and report on compliance policies and procedures, and also establish and maintain a standard library of industry specific laws and regulations. Viewed properly, risk management is part of the company’s overall strategic business planning effort to reduce and manage uncertainties in the environment in which the company operates.
Business counselors should regular discuss risk assessments and risk management with their clients and urge them to set up processes for identifying and addressing business risks that is faces in conducting its activities. In addition, business counselors must raise the question of “risk” whenever they become aware of certain key events in the lifecycle of their client including changes in the organization’s regulatory or operating environment; hanges in personnel; new or revamped information systems; rapid growth of the organization; changes in technology affecting production processes or information systems; new business models, products or activities; corporate restructurings; expansion or acquisition of foreign operations; and adoption of new accounting principles or changing accounting principles.