RBC

Corporate Security

Risk Management Services

     The purpose of  RBC Risk Management Services, is to assist our clients in identifying potential problems before they occur so that risk-handling activities may be planned and invoked as needed  to mitigate adverse impacts on achieving objectives.

     Risk management is a continuous, forward-looking process that is an important part of business and management processes. Risk management should address issues that could endanger achievement of critical objectives. A continuous risk management team approach is applied to effectively anticipate and mitigate the risks that have critical impact on the success of your company or organization..

     Effective risk management includes early and aggressive risk identification through the collaboration and involvement of your organization executive officer, management and employees.  Strong leadership is needed to establish an environment for the free and open disclosure and discussion of risk.

     Although corporate libelity issues are a primary concern both early on and throughout all project phases, risk management must consider both internal and external sources for cost, schedule, and financial risk. Early and aggressive detection of risk is important because it is typically easier, less costly, and less disruptive to make changes and correct work efforts during the earlier, rather than the later, phases of  your company growth.

Risk management can be divided into eight parts:  

1. Identify the Risks: as a group, list the things that might inhibit your ability to meet your objectives. You can even look at the things that would actually enhance your ability to meet those objectives eg. a fund-raising commercial opportunity. These are the risks that you face eg. loss of a key team member; prolonged IT network outage; delayed provision of important information by another work unit/individual; failure to seize a commercial opportunity etc.

2. Identify the Causes: try to identify what might cause these things to occur eg. the key team member might be disillusioned with his/her position, might be head hunted to go elsewhere; the person upon whom you are relying for information might be very busy, going on leave or notoriously slow in supplying such data; the supervisor required to approve the commercial undertaking might be risk averse and need extra convincing before taking the risk etc etc.

3. Identify the Controls: identify all the things (Controls) that you have in place that are aimed at reducing the Likelihood of your risks from happening in the first place and, if they do happen, what you have in place to reduce their impact (Consequence) eg. providing a friendly work environment for your team; multi-skill across the team to reduce the reliance on one person; stress the need for the required information to be supplied in a timely manner; send a reminder before the deadline; provide additional information to the supervisor before he/she asks for it etc.

4. Establish your Likelihood and Consequence Descriptors, remembering that these depend upon the context of your analysis ie. if your analysis relates to your work unit, any financial loss or loss of a key staff member, for example, will have a greater impact  the department than it will have on the Employer business as a whole.  

5. Establish your Risk Rating Descriptors: ie. what is meant by a Low, Moderate, High or Extreme Risk needs to be decided upon ahead of time. Because these are more generic in terminology though, you might find that your company  Risk Rating Descriptors are applicable.

6. Add other Controls: generally speaking, any risk that is rated as High or Extreme should have additional controls applied to it in order to reduce it to an acceptable level. What the appropriate additional controls might be, whether they can be afforded, what priority might be placed on them etc etc is something for the group to determine in consultation with the Head of the work unit who, ideally, should be a member of the group doing the analysis in the first place.

7. Make a Decision: once the above process is complete, if there are still some risks that are rated as High or Extreme, a decision has to be made as to whether the activity will go ahead. There will be occasions when the risks are higher than preferred but there may be nothing more that can be done to mitigate that risk ie. they are out of the control of the work unit but the activity must still be carried out. In such situations, monitoring the circumstances and regular review is essential.

8. Monitor and Review: the monitoring of all risks and regular review of the unit's risk profile is an essential element for a successful risk management program.