Grant Thornton UAE: It’s Your Choice – Business vs Risky Business
When looking at Enterprise Risk Management (ERM) within organisations, the need for further clarification soon becomes evident. The process of ERM is something that we may unknowingly follow in our daily lives, when planning to go on holiday or planning our next business venture. We evaluate the risks involved and the processes that need to be undertaken to ensure these risks are minimised. The same can be said for any business: The risks need to be evaluated in order to be effectively managed and to ensure they do not become detrimental to the business in the future.
One of the main reasons that organisations are hesitant and may not have adopted an ERM process yet is perhaps because theorists and consultants have, quite unintentionally, made the risk management concept and process look and sound complicated. In fact, organisations may be adopting the ERM process on a daily basis without being aware of this. In a society such as ours, heavily reliant on technology, people are accessing various sources of information on ERM – often containing complex diagrams, charts, manuals, and metrics – that cause some confusion and may very well discourage them from adopting sound risk management processes.
“The changing dynamics of the economy and the global market crash further reinforced the need for risk management.”
Previously, ERM was not discussed as widely as it is today. Business leaders and managers perceived ERM as a complex and unnecessary process which was moreover seen as inefficient and an unwelcome overhead. Only financial services firms such as banks would embrace ERM to reduce risk levels. However, when we look at the current business environment and the rapid technological changes taking place, risk management procedures seem called for in nearly any type of business venture.
The changing dynamics of the economy and the global market crash further reinforced the need for risk management. Recent experience highlighted the need for organisations to protect themselves against uncertainties in order to minimise the risk of personal, financial and reputational losses. However, some business leaders remain hesitant, questioning the ROI (Return On Investment) and the possible benefits to be obtained.
There still remains a lot to be done, especially within the United Arab Emirates (UAE), in order to enhance the awareness and knowledge of ERM in the local business community. The nature, components, approach, outcomes, and benefits of establishing integrated ERM processes in any given organisation are not yet fully understood.
ERM processes should be seen for what they in fact are: Straight and simple in both their nature and mechanisms. An ERM process is a tool that allows directors and managers to take a number of sensible strategic, financial and operational decisions. ERM is also an integral part of any advanced modern business management process and should, as such, be a welcome addition to the toolbox of managers.
When looking at ROI from the perspective of a changing business landscape within the UAE and the wider Middle East market, ERM cannot go unnoticed. Take the leisure and hospitality sector that sees an abundance of travellers pass through hotels and other facilities of international renown. If risk is not minimised, the impact of even a small mishap on a company’s brand, reputation and/or market position could be considerable. Usually, the tiniest of unfortunate events leave the biggest dent. However, the same could be said for ERM: A relatively small risk could in reality pose the biggest threat.
In many organisations it is often noted that operational plans (if they exist at all) are not always aligned with the strategic plan. As a direct result of this mismatch an organisation may be exposed to various types of risks – such as the lack of controls or disconnects between different management levels.
In the UAE, ERM awareness is now gradually on the increase. It is embedded in government institutions and local businesses that lead change within the region. These organisations are establishing, developing, and implementing processes and functions that aim to mitigate risk. Training is also provided and innovative software is procured to support and underwrite these pioneering efforts.
Preying on Weakness
The construction and real estate sectors of the UAE are currently booming as Dubai gears up for Expo 2020. This calls for robust protection against risk. It is well known that periods of profound change also bring increased opportunity. However, exposure to risk rises as well and can be extremely high. Greater demand brings increased risk. Fraudsters of all stripes are waiting in the wings to leap on any weaknesses and deficiencies in processes and systems.
In any organisation, it is the ultimately the responsibility of the board of directors, CEOs, CFOs and other key managers to build integrated and comprehensive internal control systems of risk management. Failing to do so may prove very costly and could result in losing shareholders’ wealth. The credibility of business leaders is at stake as is the trust of investors.
Accordingly, corporate leaders should start thinking seriously about ERM as one of the main tools for managing and directing their organisation efficiently. The following steps can be taken to minimise risk in a business environment:
- Embed a risk management culture in the business environment through awareness and training.
- Establish a methodology and approach based on a standard such as ISO 31000 to adopt an ERM framework in its most simple and applicable style.
- Appoint a consultant to assist in establishing and implementing the required processes, to help embed the methodology, and to train people.
Ultimately, it is the responsibility of business leaders to introduce and implement a comprehensive tool that enables them to predict the future and helps identify, mitigate, and monitor risks and threats before any harms is done to the business and its reputation. These methods should be embraced and considered carefully to protect the organisation and help achieve stability, profitability, and long-term growth.
About the Author
Mohamed Nassar is the Business Risk Services Partner at Grant Thornton UAE. Mr Nassar has over twenty years of experience. His professional portfolio includes ten years within the professional services prior to joining Grant Thornton. Mr Nassar worked in Cairo, Jeddah, and Dubai. He has also worked for some of the most reputable government agencies in the Middle East and for one of the largest oil & gas suppliers in the world. Mr Nassar specialises in a wide range of industries, such as oil and gas, hospitality, facility management, and financial services. He is a US certified professional of CIA (Certified Internal Auditor) and CCSA (Certification in Control Self-Assessment), and holds a public accountant registration.