Definitions and categories of risks for your clients

January 20, 2015

Risk assessment refers to the company’s process for identifying and addressing business risks that it faces in conducting its activities.  Risk assessment is an important element of a company’s overall compliance program since an obvious source of potential liability for the company is failure to comply with applicable laws and regulations.  When sitting down with your clients to assist them with risk management, the first thing you need to understand is that there are various categories of risk, including the following:

  • Credit and market risks, such as unforeseen adverse declines in the liquidity of key customers;
  • Reputation risks, including security breaches that lead to loss of confidential information of customers and other business partners;
  • Strategic risk, including failure to conduct the amount of due diligence on a new project necessary to make an informed decision; and
  • Compliance risks, including failure to identify and comply with legal and regulatory requirements applicable to the company’s products and services.

You should also be aware of the various factors that experts consider to be strong indications of increased risk, including:

  • Changes in the company’s regulatory or operating environment;
  • Changes in personnel;
  • New or revamped information systems;
  • Rapid growth of the company;
  • Changes in technology affecting production processes or information systems;
  • New business models, products or activities;
  • Corporate restructurings;
  • Expansion or acquisition of foreign operations; and
  • Adoption of new accounting principles or changing accounting principles.

Once a preliminary pass has been taken at identifying the specific risks confronting your client, the next step is designing a risk assessment program.  When you do that, it’s important to take the following suggestions into account:

  • The risk assessment process should cover all areas in which there is a material risk of potential misconduct, including areas that are unique to the company’s industry as well as risks associated with failing to comply with all of the material federal, state and local laws and regulations applicable to the company’s business.
  • While the risk assessment process should be sufficiently broad to address all material risks, it must also be done in context and recognize the limitations imposed by the company resources that are available for the assessment and for remedial measures.
  • The risk assessment process should include collection and analysis of relevant industry information and data regarding the company’s history with respect to the identified risk areas.
  • An attempt should be made to involve managers and employees from all levels within the company’s organizational structure since many risks, and solutions, are best identified at lower levels of the organization.
  • Each risk area should be given a measurement for “likelihood” and “severity” and an effort should be made to quantify each risk area to gauge the potential loss or injury to the company.
  • The risk assessment should be conducted in a defensibly objective manner and properly documented in anticipation of sharing the process and outcomes with regulatory authorities.
  • The risk assessment process should be institutionalized and assessments should be conducted on a regular basis.
  • The outcome of the risk assessment process should be used to benchmark the company’s compliance programs against the processes used by similar firms and the standards laid down by regulatory agencies and the courts.
  • Any deficiencies in the company’s compliance programs identified during the risk assessment process should be promptly addressed through remedial actions, and procedures should be implemented to monitor and evaluate the effectiveness of such remedial actions.

To learn more about helping your clients with risk assessments, see the following:

  • Business Counselor’s Guide to Risk Assessments (§226:66)
  • Client Executive Summary on Risk Assessments (§226:63)
  • Business Counselor’s Slide Deck Presentation on Risk Assessments (§226:64)