Managing Risks

Once your ERM leadership team has settled on a complete set of risks to consider, the next steps involve addressing these risks. Though there are many ways to address risks, you might consider these four strategies:

If your mitigation strategy is…  EisnerAmper can help you… 
Put simply, when your business chooses to avoid a risk, it is committing to stop executing the activities that give rise to the risk. Risk avoidance is usually a function of consolidating business processes and implementing preventative controls to halt deviations from acceptable norms.

EisnerAmper has a team of experienced consultants crossing finance, operations, and information technology disciplines that can help you identify deficiencies in internal control that give rise to risk. This knowledge can help you refine your business practices to avoid the risks not worth taking.
A risk reduction strategy involves reorganizing business processes to reduce the risk exposure inherent in them. Your ERM leaders may opt to combine an avoidance strategy with a reduction strategy by complimenting preventative controls to stop actions with simplifications in business processes.

EisnerAmper consultants are experienced in operational excellence initiatives common in organizations of varying sizes. EisnerAmper can help your operational leaders identify activities that introduce unnecessary complexity in the business processes that intensify your risk exposure and recommend ways to simplify them.
A risk transfer strategy involves using financial instruments to delegate risk to a third-party. This may include purchasing insurance, hedging source materials prices, or other means. Risk transfer requires professional expertise from various parties in insurance and financial services to execute effectively.

EisnerAmper has developed relationships with financial services and legal experts to better assist your ERM leadership team source the appropriate knowledge and act on your business’ risk transfer requirements.
Acceptance and Monitoring
A risk acceptance strategy is a well-informed decision to accept the status quo and do nothing to mitigate risk. An appropriate acceptance strategy rarely lacks a strong monitoring approach to ensure that the risk indicators have not changed significantly over time once the risk acceptance decision is made. An acceptance and monitoring strategy might be an effective way of addressing emerging risks which are those risks that are anticipated to arise in the future. For instance, if your industry is anticipating a significant change in regulation but the specifics remain unclear, an acceptance and monitoring strategy would direct you to execute actions to evaluate your exposure to this uncertainty in advance of the emerging risk.

EisnerAmper has expertise in continuous controls monitoring that can be used to ensure your understanding of the risk drivers remains current. EisnerAmper can also help you evaluate whether you measured the risk correctly and assigned it an appropriate strategy. EisnerAmper has access to domain experts in industries to help you identify emerging risks that are relevant to your acceptance and monitoring strategy.