89% of CEOs tell us that they plan to change their approach to risk management in 20121. Doing business is becoming increasingly complex. Risk has the ability to disrupt and cause irreputable reputational damage to your business.

If you are going to manage your risk effectively you need to start right at the top and ask “Do I have the right approach to identifying, measuring and monitoring risk?”

Start by taking a look at your governance structures: Does your Audit Committee effectively address risk? Is your Internal Audit function meeting the needs of the business? Have you addressed all your regulatory requirements?

Review your operational risk: How vulnerable are you to fraud? Is your corporate or customer data at risk? Could any of these have a disproportionate reputational impact? In addition, people, processes or change within your organisation can often create hidden risks or risks that are not necessarily obvious.

It’s impossible to eliminate all risk; it’s unhealthy even to try. Your long-term success will depend on ensuring that you take the most appropriate risks for your business. Getting this balance right is crucial.

The first rule of risk is to:
identify it, measure it and monitor it!

People expect more from Audit Committees today.

The role of the Audit Committee and its members is more difficult and challenging than ever — given the recent economic environment; increased expectations by shareholders, regulators, and other stakeholders; heightened scrutiny when things go wrong; more responsibility for risk management; and more focus on the need for fraud prevention.

How effective is your Audit Committee? Do members fully understand their role and responsibilities? Are the skills and experience right for your organisation? Is the Audit Committee getting what it needs from Internal Audit? Have you carried out a recent evaluation of either the Audit Committee or Internal Audit?

Maximising the effectiveness of your Audit Committee is now critical to ensuring that you continue to meet expectations.

How we can help
Reviewing the effectiveness of your Audit Committee

Briefing and training workshops for your Audit Committee and Board

Reviewing the effectiveness of your Board

External quality reviews of your Internal Audit function

An unencrypted file with high-risk data sent to the wrong e-mail recipient, a lost flash drive with sensitive information, or a laptop left unguarded at a restaurant, coffee shop, or other public location.

Your business is exposed to risks like this every day. Privacy, security and information risk management issues are increasingly making the Board room agenda of many of the world’s leading companies.

Data is an important business asset. Are you protecting it wisely? Do you have sufficient IT and physical controls in place to reduce data privacy risks, lower potential data sharing exposures, and improve compliance with the Data Protection Acts? Do your employees have the tools and training to protect high-risk data?

While regulatory and consumer pressure for data protection laws which protect personally identifiable and sensitive information increase, too stringent an approach to this area may impede every-day business operations. Getting the balance right by minimising your risk of data loss and strengthening your overall information security environment is critical.

How we can help
Conducting data privacy and security assessments

Carrying out theft prevention assessments

Performing penetration tests on key company websites

Dealing with incidents of improper disclosure and identity theft, breach notification and forensic investigations

Assessing your compliance with Data Protection Acts

Over 25% of organisations in Ireland were victims of fraud over the last 12 months. Of these, over 33% reported financial losses of up to €3.75m. We expect fraud to increase in the year ahead[1].

The top four economic crimes reported are: asset misappropriation, cybercrime, accounting fraud and money laundering. Interestingly, cybercrime is now the second highest area of reported fraud in Ireland.

While most organisations were aware of cybercrime risks, many are doing little about it and continue to be reactive rather than proactive in addressing this risk. Cybercrime can create reputational damage; financial loss; sensitive data loss and related regulatory consequences.

Fraud is a fact of life when doing business. It cannot be wholly prevented, but fraud risks can be mitigated. The best way to respond to fraud is to know your vulnerabilities. Actively monitor your vulnerabilities by carrying out regular fraud risk assessments. The fewer the fraud risk assessments you carry out, the less likely you are to detect fraud.

It is not so much a question of always expecting the worst, but being prepared for the unexpected and, should it occur, being ready with an effective fraud response plan.

How we can help
Advising on your risk management framework and processes

Carrying out fraud risk assessments

Advising on fraud prevention and detection

Carrying out fraud investigations

Advising on your approach and management of information security

Reviewing IT security threats, vulnerabilities and risk assessments

Gathering electronic evidence