In a world of over-capacity and high competition, convergence, consolidation and new business models, organizations must take more risk to be profitable. Increasingly, management recognizes that the ability to take more risk than competitors and manage it effectively is a source of competitive advantage.
Moreover, in response to a number of risk events (which resulted in loss of reputation, shareholder value, sometimes loss of the enterprise, and loss to society and stakeholders) governance requirements are being established in more and more jurisdictions and industries. This requires that executive management and directors of the board ensure that their organization has identified and assessed its key risks.
With the benefit of hindsight, critics often believe that major risks and their consequences should have been anticipated, better managed, or avoided altogether.
Tough questions arise:
• Why didn't we know sooner?
• Why didn't somebody do something to prevent this?
• Where was management ... the board ... the audit committee?
At Deloitte, we believe organizations would be wise to embrace a broader perspective of risk, a perspective that views business risks in the context of their relationship to change, opportunities, objectives, and controls; one that examines threats not only to financial performance and control but also to an organization's strategies, business objectives, and reputation. Focusing on business risks from a broader perspective provides better insights into risk and its ramifications. Better insights should lead to better risk management, enhanced results, and fewer surprises.
Enterprise risk services help organizations develop a sustainable capability to proactively manage strategic and operational risk. We help implement self-assessment of risk and control, using proven methodologies, training, and software solutions. We independently diagnose the strategic exposure to risk and review the financing arrangements over insurable risk. We offer best practice in business risk management and systems of internal control to meet the increasing demands of corporate governance and regulation.
Our service offerings in the area of risk consulting include:
• Enterprise risk diagnostic
• Strategic risk assessment
• Operational risk assessment
• Financial risk assessment
• Regulatory compliance risk assessment
• Information technology risk assessment
• Risk and control self-assessment
• Control culture assessment
• Risk management S/W tools selection and implementation