Operational errors, IT incidents, a need to strengthen cybersecurity, and GDPR compliance
A company, following several errors and incidents, asked us to provide guidance on the management of risk in their operating environment in order to achieve better outcomes for their customers.
We agreed with them on the need for a holistic approach to managing risks and to continuous improvement.
There was no Enterprise Risk Management (ERM) structure in place to manage all relevant risks. We described for them the benefits of implementing an ERM framework (ERMF):
- To support management understanding of risk.
- To mitigate human errors, system issues, and vendor disruptions.
- To help identify cybersecurity and GDPR as areas of attention from a strategic and operational point of view.
- To look in detail at outsourcing, as this was an important area in the context of Brexit and the current environment.
We helped to set up an operational risk management (ORM) framework as an integral component of the overall risk management framework, which in turn formed part of the new enterprise-wide risk management framework (ERMF), which included:
- PESTEL and SWOT analysis of the organisation’s long-term strategy.
- Operations: The risk incurred by the organization’s internal activities.
- Finance: Finances of the organization and the effects of external factors.
- Compliance: We looked at H & S, data protection, HR practices and regulatory issues.
- Operational risk identification and assessment methodology, process and techniques.
- Effective operational risk measurement methodology (qualitative and quantitative).
- Unification of policies, procedures and processes for mitigating and controlling operational risks.
- Monitoring and reporting of operational risks to the management and stakeholders.
- Implementation of risk assessment techniques that fitted the organization’s needs.
- We linked the strategic objectives with risks to continue focusing on critical activities.