Risk management and internal controls consulting

Nowadays, companies are being significantly more imposed on by shareholders, executive management, regulatory bodies and other stakeholders. As a result, organisations are putting internal control systems as their top priority. An internal control system provides several advantages for organisations which could eventually increase shareholder value, including; better managerial decisions on up-to-date and correct data and information, assuring the interest of company shareholders and securing their investments, better management of risk and implementation of strong and qualified procedures.

  • Internal environment – Management sets an ideology regarding risk and establishes a risk appetite. The internal environment sets the basis for how risk and control are viewed and addressed by an entity’s people. The foundation of any business is its people – their individual characteristics including; honesty, principles and expertise and the environment in which they conduct their work.
  • Setting of objectives - Objectives are very important for management before and events affecting their achievement can be identified. Risk management assures that management has a process to set objectives in place and that the identified objectives coordinate with the entity’s mission.
  • Event identification – There are many events that might have an impact on the company. This involves analysing possible events from internal and external sources that affect the attainment of objectives.
  • Risk assessment – Risks are analysed to form a basis for determining how they should be managed. Risks are associated with objectives that may be affected. The assessment considers risk likelihood and impact.
  • Risk response – People identify and evaluate possible responses to risks, which include avoiding, accepting and reducing risk. Management selects a set of actions to align risks with the entity’s risk tolerances and risk appetite.
  • Control activities – Policies and procedures are established and executed to help ensure the risk responses management selects are effectively carried out.