Aligning risk management to the strategic planning process is an essential element in ensuring business resilience and market competitiveness. At CorProfit, we recognise that a one-size-fits-all philosophy is not enough to embed the risk process. We offer an integrated approach that harnesses a range of risk types or strategies to produce a consolidated analysis, quickly highlighting the ‘hot spots’ you can focus on.

CorProfit has an approach to managing Strategic Risks that sets this on a course of its own, rather than trying to incorporate the traditional ISO31000 approach that can lead to a blurring of managing strategic risks together with other risks.

Whether you start from the Top Down (Strategic Risk Management) or Bottom up (Operational Risk Management), the CorProfit approach has the “hooks” to align and integrate the different strands of risk management that you are implementing.

It is evident that a range of different risk management functions exist and that the risk framework has a broad application.  For example, covering business risks, business continuity, IT security, regulatory risks, fraud risk management, etc.

The key to a successful implementation of a risk framework is inherent in its design, which CorProfit terms a “roadmap”. The role of the roadmap is to define the implementation from inception through to the time that risk management is a mature, self-sustaining function in the company. The roadmap sets out the means by which your company’s risk policy will be implemented, having regards to the needs of staff that may require a simpler approach to start with.  Over time, the approach will change and the roadmap will provide the guidance necessary for this.  A well-designed roadmap ensures that the company understands the options that it faces at the time of incorporating more aspects into the framework, in particular to avoid rework that might otherwise occur.

The roadmap is developed as a guidance document with the “goalposts” necessary for you to measure the achievement of each facet related to the risk strategies you wish to develop or focus on.

CorProfit works in several industries, particularly as and when each industry segment adopts risk management into its business strategies.  There are certain aspects of a risk framework that are generic, that suit all types of industries and other aspects that are obviously unique.

CorProfit has built a successful track record in giving our customers the tools and techniques that makes risk management relevant and effective at all time, adding the value you envisioned from the beginning and that is the least costly to resource.

Implementing ERM seems easy, however it is not easy, if the knowledge of “how to” is absent.  If one does not have the knowledge, it is better for them to procure the knowledge.  Trying to do it on your own may or may not work.

There is a body of knowledge about ERM implementation that is not discussed in ISO31000 or other publications.  In CorProfit’s view, most of the practitioners out there don’t use software.  It is imperative for you to have a solution that encapsulates appropriate IP in the risk programs you are doing with software that moulds itself to your processes and procedures.  It follows that the software that you must support your ERM with involvement by excellent practitioners that add value.

After you have established your Risk Policy, Risk Framework and Risk Management Procedures and Risk (Maturity) Roadmap, it is time to implement. Our track record in using state of the art methodologies makes an invaluable contribution, to close potential gaps you have in achieving the level of implementation you envisioned, or we strengthen the capabilities that you have.

CorProfit has assisted its customers to establish pragmatic risk management frameworks with stages that show tangible outcomes of the value of integrating risk management in day-to-day functions.  We have successfully integrated risk management, internal review (or audit) and compliance, as well as incident management / loss event recording in ways that are unique.  The feedback that we have received from numerous customers is that no other provider of services in these industries has demonstrated this level of understanding.

CorProfit also partners with other professional consultants to give our customers added value in the delivery of expert services for example in the areas of business continuity management, fraud prevention and project risks.

The costs associated with designing a Risk Framework and resourcing a team to implement are insignificant compared to the costs in implementing in your company.  It is true that the costs design a Risk Framework are material costs to you, however the real costs are in the deployment of your risk management system, the staff that engage with the risk processes and reporting, and the support costs in doing this.

The weaknesses that you have in your Framework and implementation approach will undoubtedly show up in the day to day field work of implementing risk management.

CorProfit offers mentoring as well as peer reviews of your risk management functions (from Framework Design to Implementation in the business lines).

This provides checks and balances to ensure that you make positive and cost beneficial progress in implementing risk management.

• Gap Analysis of the Risk Framework

It’s fairly obvious from research about the topic that there is no universal risk framework that your company can draw on as the explicit one, whereas for comparison purposes there is for the accounting profession for producing financial statements.  The most respected risk management standards and codes do not prescribe the exact process that should be followed (they provide broad guidelines only), but rather leave your company to determine its own framework.

It follows that risk management is seen as a performance management tool and the best frameworks will make a difference in achieving superior results in a competitive global market place.

CorProfit reviews your Risk Framework against a benchmark Framework while taking  taking into consideration your unique contexts and objectives for risk management.  We provide you a report of the gaps in your Risk Framework and the implications of not dealing with them.

Risk management is still a developing industry and there’s not a lot of precedence in the market place to show up the most outstanding ERM frameworks that can support the real needs of risk management.

CorProfit leadership ensures that you have a Risk Framework that is capable of being implemented by collaborating with CorProfit.

• Gap Analysis in your Implementation Plan

It is sensible to ask these two questions when embarking on your ERM implementation:

What are the objectives of the ERM implementation?

Where do we want to be in 3 years’ time?

We in CorProfit in turn ask, “if you knew now, what you will know in 3 years’ time, would you have changed the way you started out now?”

You answer would naturally be, definitely, we would start out differently!

CorProfit stands unique in having the knowledge and experience of what your ERM journey would look like in the ideal, in 3-years’ time.

We work in with you to show you the gaps in your ERM Implementation Plan, gaps that would otherwise impede you in achieving the goals you have for ERM.

There is no published body of knowledge about ERM implementation, CorProfit is setting the trend here.

• Mentoring Services

There’s a truism in Risk Management that the level of maturity in your company reflects the competency of the head of risk management.

Your investment in having CorProfit provide mentoring services to your Risk Management staff leads to a fast-tracking of your risk practices to deliver business value.

The costs to resource Risk Management and ERM is an investment, it pays for itself over and over.

CorProfit offers an ERM Preparedness Service.  This has been researched to deal with the rolling out of ERM programs and setting these on a course for success.

As mentioned elsewhere, the ISO31000 is not a prescriptive Standard that enforces one particular way.  Rather it leaves you to design a Framework and Procedures approach that is appropriate to your industry and company operations.

It follows that Risk Management is seen as a performance management discipline (rather than merely as compliance) and the best frameworks will make a difference in achieving superior results in a competitive global market place).

The aim of the CorProfit ERM Preparedness Service is to look at your current situation to be able to implement ERM successfully.  We lay out the key pillars of ERM that first need to be in place before you implement, as that is where you will incur the bulk of your costs. For example, we ensure that your policies, framework, procedures, processes, tools, software, structures, etc. are strong enough to be rolled out.

Any omissions in policies, framework, procedures, processes, tools, software, structures, etc will inevitably show up at some future stage and cause impediments to your progress in implementation ERM.  Unless you deal with this in the first place, the problems that crop up down the track may require significant re-work.

CorProfit has a systemised approach to the ERM Readiness which gives you a diagnostic against some scores and indicators, enabling you to proceed more smoothly and with better outcomes.  The ERM Readiness becomes a diagnostic tool that is used at each significant stage of your ERM journey and can be run by yourselves after CorProfit has worked with you on the first one or two uses of ERM Readiness.