Organisations of any kind face internal and external factors and influences that make it uncertain whether, when and the extent to which they will achieve or exceed their objectives (ISO 31000:2009). Risk is therefore the effect of uncertainty on objectives. An objective is a deviation from the expected, positive (upside) or negative (downside). Risk is often characterised by reference to potential events and consequences. Risk is often expressed in terms of a combination of the consequences of an event, including changes in circumstances and the associated likelihood of occurrence.

Risk management, on the other hand, is a set of coordinated activities to direct and control an organisation with regard to risk (ISO Guide 73:2009).  COSO (2004) defined enterprise risk management (ERM) as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. LeishTon can work with you to develop and implement holistic and integrated enterprise-wide risk management framework and policies. We can also review your risk management documentation as a distinct service or as an integral part of your risk management function’s review. Key enterprise risk management documentation LeishTon can work with you to design include:

  Enterprise Risk Management framework

  Enterprise Risk Management Policy

  Risk Appetite and Escalation process

  Environmental and Social Risk Policy

  Market Risk Policy

  Operational Risk Policy

  Credit Risk Policy

  Insurance Risk Policy

  Investment Risk Policy

  Liquidity Risk Policy

  Legal Risk Policy

  Risk Register

  Risk Assessment techniques

  Risk Classification Systems

  Fraud Risk Management Policy

  Risk Management Work Plan

  Risk Management Model

  Risk Sophistication Model