2. Definitions - Risk Management and Compliance
Risk…
Risk is defined as the probability / possibility of something bad happening – (a common definition)
The effect of uncertainty on our ability to achieve our objectives – (ISO 31000 definition)
Compliance…
The process of making sure your company and employees follow all laws, regulations, standards and ethical practices that apply to your organisation; compliance falls within governance
3. Development of Risk Management
Before the French mathematician Blaise Pascal’s probability theory, there was no means of measuring the chance of potential outcomes
‘Preparing for the future was very much in the lap of the gods’
Risk Management has enabled significant improvements in Decision-making
Risk Management….
‘Encompasses the identification, analysis, and response to risk factors that form part of the life of a business. Effective risk management means attempting to control, as much as possible, future outcomes by acting proactively rather than reactively.’ – Corporate Finance Institute
4. Types of Risk
Types of Risk:
Regulatory Compliance Risk
IT Risk
People Risk
Credit Risk
Cybersecurity Risk
Fraud Risk
Health & Safety Risk
Building Security Risk
Brand & Reputation Risk
5. Risk Appetite – Pros and Cons of Risk-Taking
Risk Appetite…. is the level of risk that an organization is prepared to accept in pursuit of its business objectives
Risks are not always negative and can present opportunities
Pros of Risk
Decision to ‘Invest in business expansion’
Cons of Risk
Failure to invest in robust IT systems, and therefore in cybersecurity risk management
6. Who’s Responsible for Risk Management
Risk Management is the responsibility of every employee
The Risk Management tone & culture of your organisation is ‘set from the top’, and the ultimate responsibility is with the Board of Directors
Board of Directors
Management
Every company employee
7. The Risk Management Cycle
Risk Management is part of the day-to-day business
8. Types of Risk Mitigation
What is Risk Mitigation?
A key element of the risk management cycle – ‘it’s the process of taking specific and deliberate actions to minimise or eliminate unacceptable risks’ (i.e. risks that fall outside the Risk Appetite)
Examples of Risk Mitigation
Staff Training - Well-trained staff make fewer mistakes
Evaluate your Customers - Review the credit rating of your customers before extending generous payment terms
Implement Four-Eyes Payment Controls - To ensure a single individual cannot both initiate and authorise payments
Buy Insurance - So that you can transfer the risk to someone with a greater risk appetite for it
9. In Focus….A Major Risk during COVID-19
The COVID-19 pandemic has resulted in an unprecedented number of businesses enabling their staff to work from home
Working away from a secure office environment has resulted in a significant increase in Cybersecurity Risks and Threats
Cybercriminals have recognised and embraced this opportunity
Since the start of ‘lock-down’ across the globe, the number of incidences of Phishing and Business Email Compromise has increased significantly
Over 90% of successful cybersecurity breaches start with an email and involve an act or omission (error) by a staff member
(Charts: Post-COVID Trends in Phishing Emails; Post-COVID Trends in Business Email Compromise)
10. In Focus….Customer Data Protection (GDPR)
Six Major Principles of GDPR
1. Processed lawfully, fairly and in a transparent manner
2. Collected for specified, explicit and legitimate purposes
3. Adequate, relevant and limited to what is necessary
4. Accurate and, where necessary, kept up to date
5. Retained only for as long as necessary
6. Processed in an appropriate manner to maintain security
General Rule:
GDPR (the General Data Protection Regulation) applies to any company that stores or processes personal information about EU citizens within EU states, even if it does not have a business presence within the EU
Penalties for Non-Compliance with GDPR
Supervisory Authorities have the power to impose fines against companies guilty of breaching GDPR:
€10,000,000 or 2% of worldwide annual turnover in the preceding financial year (whichever is greater)
€20,000,000 or 4% of worldwide annual turnover in the preceding financial year (whichever is greater)
The size of the fine will depend on the severity of the incident and the type of personal data lost
Judicial Remedy
11. Next Steps In Protecting Your Business
Key Steps to improve your Information Security, Data Protection and business-wide Risk Management
Put an Information Security & Data Protection Policy in place as soon as possible
Complete a data inventory for your business, i.e. a What / Whose / How / When assessment of the data you hold
Assign specific responsibility for Information Security and Data Protection at Board and Management level
Initiate a Cybersecurity Risk Assessment of your business with the support of an experienced risk consultant
Organise regular Cybersecurity staff awareness training for all staff at all levels of your business
Implement a broader business-wide risk inventory with the support of an experienced risk management and compliance consultant
Engage in risk mitigation immediately where ‘common sense’ suggests you should do so; your ‘gut instinct’ is often right!