How to choose the ideal Risk Management Partner?
Risk Management process should be imbibed in a business as a tool to enhance efficiency and productivity. The practice of setting up a Risk Management function to ensure that controls are in place to mitigate losses has undergone drastic changes and developed into a more daring and challenging exercise. These changes, over the years, have helped accelerate business growth and identify opportunities in a much competitive environment. It is no longer enough that Risk Management personnel with only paper qualifications are required for executing their functions successfully. Research orientation, Business prudence, Skills to identify potential threats, Experience in adapting to current environmental changes, Cross-functional balancing capabilities to proactively meet challenging scenarios, etc, seems to be the attributes required for showcasing success in a Risk Management function.
In this era of Globalization, businesses face continuous challenges thrown by volatile market environment during their accelerated growth phase. These challenges arise out of economic changes, competition from new entrants, political changes and environmental demands. Due to these factors, every organization should view Risk Management Partnership as an important business decision.
However, Risk Management activity requires a team with good experience who have the capability to sculpt the best figure from obscure or abstract business situations. Selection of qualified & experienced personnel for a Risk Management Practice is a near to impossible task and needs to be confronted with multiple adaptive strategies depending on the organization’s capacity and commitment to achieving the objectives of Risk Management.
Some of the options presently utilized by many organizations are:
A. Develop an internal team of Risk Management experts
B. Internally source personnel from the line function to take up Risk Management function
C. Outsource the Risk Management Practice to Audit/ Management Consulting firms on an annual contract or concurrent review basis for a limited period or for a single round of risk review process.
Option A above is not a cost-effective strategy for SME’s but may seem suitable for large groups having activities spread over multiple industries.
Option B, on the other hand, would impair the independence necessary for the activity to be professionally successful in its execution.
Option C is a suitable option for SME’s and for large organizations who may need to establish afresh, look or relook into its risk governance model and are open to adopt new perspectives to its established Risk Management methodologies and outlooks.
Organizations who choose to outsource their Risk Management Function needs to identify a suitable process for outsourcing the Risk Management activity with a partner who is actively engaged in the practice of Risk Consultation across multiple industries.
Selecting a Risk Management Partner can be a tedious as well as a time-consuming process. Most of the time organizations, therefore, select the least priced option available. But choosing the right Risk Management Partner can be far from merely evaluating based on the Pricing aspect.
There are 6 aspects that needs to be considered while evaluating potential Risk Management Partners:
1) Structure of Risk Management Team
The Risk Management team should ideally be led by an experienced Director/ Partner, backed by qualified personnel in the business functions being reviewed and existence of an independent quality assurance process. This structure would provide an ideal leadership and guidance model backed by an independent verification process on the effectiveness & efficiency, quality of risk concerns raised, and practicality of the recommendations made.
The person responsible for the success of the function shall be the Director/Partner of Risk Management who shall need to showcase skills, experience and governance capabilities to ensure quality & time-bound delivery of results during the assignment. A person who has spearheaded the Risk Management function within the Industry or has the experience working as a Consultant/ Advisory role in the industry would ideal. Further, an assessment of the past experience would also provide an insight into the capabilities of the partnering entity in providing value through recommendations that are derived from the partner’s multi industry exposure.
3) Stamp of success
The Risk Management Partner should possess historical success stories where value addition to clients were evidently revealed. Showcasing of successful case studies without impairing the NDA clauses with prior clients should be an ideal method for identifying potentials for value addition from such partners.
4) Industry specific scoping
When requested for a Budgetary proposal, most Risk Consulting Partners furnish generic scope based proposals. However, it is upto the evaluating entity to either develop an RFP covering all the functional aspects or insist on conducting an Initial Risk Assessment to identify the scope areas to be covered. The Initial Risk Assessment would give organizations ample opportunity to assess the Risk Consulting Partner’s approach, experience & knowledge of the particular industry and helps in identifying the specific process coverage eliminating ambiguity for generalization of scope.
Further, the scope should cover all perspectives of risk from the following structure:
ii. Accounting and Reporting
iii. Operational Technology support from IT
iv. Human Resources efficiency and effectiveness, and
v. Administrative Governance
5) Time invested by Partner(s)
The proposal should ideally provide the time considerations which has been planned for the development of the proposal and fee quantification. Further, Onsite and Offsite time allocations should be revealed as a percentage of the total time requirements to ensure that the partner puts in sufficient time for ensuring quality and success of the deliverable.
A short time consideration would prove to be an unsuccessful coverage for assimilation of facts from the organization’s functions and processes. A long duration would lead to cost escalation in the activity which may not be a sufficient justification for incorporating the Risk Management function in to the organization.
Hence, a balanced approach should be identified, acceptable to the organizations and the Risk Management Partner should provide a justified basis for the decisions.
6) Information for considering the proposal.
The proposal should ideally cover the following aspects:
i. Scope understanding by the Risk Management Partner
iii. Past experiences in specific industry
iv. Experience in other industry (to identify and benefit from synergic approach)
v. Team Profile
vi. Time requirements
vii. Risk Management Process that shall be followed in execution, etc.
ix. Scope limitations if any
Any proposal wherein the Team Profiles are not available should be rejected. This is because, in many cases, the recruitment for the activity is taken up by the Risk Management consulting organization after the successful signing of the proposal. This would lead to selection of low-cost resources to meet the profit aspirations from the activity. Further, presence of an existing team would reveal the successful working pattern of the Risk Management process of the organization. The content of the proposal should provide sufficient information to the Management for the selection of an ideal partner for Risk Management function.
Risk Consultants play a vital role in establishing the Risk Control infrastructure in every industry. They have made remarkable achievements in cost cutting, detection of revenue identification failures & frauds, in addition to prevention and providing for corrective measures in such areas. The prudent use of Risk Consultants could support the organizations in their war to combat risks prevalent in their industry.