Periodic Risk Assessment

Risk management has recently been gaining increasing attention in business due to its impact on the stability and continuity of business entities. This attention has led to the establishment of specialist professional organizations entrusted with issuing the risk management framework, which includes international standards intended to create common understanding, implementation and reporting within a single country and worldwide.

Such organizations include the UK-based Institute of Risk Management (IRM) and the International Organization for Standardization (ISO), which issued ISO 31000:2009.

The Institute of Risk Management defines the risk management process as follows:

“Risk management involves understanding, analyzing and addressing risk to make sure organizations achieve their objectives. So it must be proportionate to the complexity and type of organization involved. Enterprise Risk Management (ERM) is an integrated and joined up approach to managing risk across an organization and its extended networks”.

From a theoretical perspective, business entities are required to set up an organizational unit charged with examining and managing risks and reporting them to the Board of Directors so that it can take informed decisions with respect to such risks.

In view of the attention paid to risk management activity, a professional framework has been established for those interested in developing their knowledge of risk management to sit for exams and receive international specialist professional certificates in the risk management area.

In the State of Kuwait, Law No. 7 of 2010 regarding the Establishment of Capital Markets Authority and Regulation of Securities Activity and its Executive Regulations were promulgated, which include in Module 15 – Corporate Governance – the risk management requirements that are mandatory for listed and licensed companies in accordance with the following articles:

Article 6-4 The Board of Directors shall constitute a committee named Risk Management Committee, which shall comprise a minimum of three members. The Chairman of the Committee shall be a non-executive director. The Chairman of the Board of Directors may not serve as a member in this Committee. The Board of Directors shall determine the membership term and its process of activities.
 Article 6-5 The minimum authorities and roles of the Committee are as follows:
  1. Develop and review risk management strategies and policies before approving the same by the Board of Directors, and ensure that such strategies and policies are implemented and that they are consistent with the nature and size of the Company’s activities.
  2. Ensure that adequate resources and systems are available to manage risks.
  3. Evaluate systems and processes of identification, measurement and monitoring of various types of risks to which the Company may be exposed in order to identify deficiencies.
  4. Assist the Board of Directors with determining and assessing the acceptable risk appetite in the Company, and ensure that the Company will not exceed such level of risk after being approved by the Board of Directors.
  5. Review the risk management function’s organizational structure and make recommendations in this connection before approving the same by the Board of Directors.
  6. Ensure that the risk management staff members are independent of the activities, which would result in exposing the Company to risks.
  7. Ensure that the risk management employees have thorough understanding of risks surrounding the Company, and enhance the staff awareness of risk culture and recognition.
  8. Prepare periodic reports on the nature of risks to which the Company is exposed, and submit such reports to the Company’s Board of Directors.
  9. Review the issues raised by the related audit committee, which may affect the risk management within the Company.
  10. The Risk Management Committee shall hold regular meetings at least four times during the year and when needed. The Committee shall record the minutes of its meetings.
Article 6-3 The Company’s organizational structure (as approved by the Board of Directors) shall include an independent risk management department/ office/ unit, which will primarily measure, monitor and mitigate all types of risks facing the Company as per the following:
  1. The Company shall develop effective risk management systems and procedures in order to be able to perform its key roles, i.e. measuring and monitoring all types of risks to which the Company is exposed. This process shall take place on an ongoing basis and be regularly reviewed. Such systems and procedures shall be amended as and when required.
  2. The Company shall develop the periodic reporting systems since these represent a critical tool for the process of risk management monitoring and mitigation.
  3. The staff in charge of the risk management department/ office/ unit shall have independence through reporting directly to the Board of Directors. In addition, they shall have a significant amount of authority enabling them to properly perform their roles, without being granted financial powers and authorities.
  4. The risk management department/ office/ unit shall have qualified human resources who have professional competencies and technical capabilities.
  5. Review the deals and transactions that the Company proposes to enter into with the related parties, and provide appropriate recommendations in connection therewith to the Board of Directors.

In light of the above, the following is a summary of the risk management reports that listed and licensed companies should prepare:

  1. Periodic reports by the Risk Committee about the nature of risks to which the Company is exposed, which reports will be presented to the Board of Directors.
  2. The Integrated Report, which shall include a section covering the risks facing the Company, for the use of the Board of Directors and the executive management.

It is worth mentioning that the above reports are for internal use and not required to be submitted to the Capital Markets Authority. However, CMA has the right to request reviewing the same when conducting an inspection.

Furthermore, the companies licensed by the CMA shall comply with the provisions of Module 6 – Internal Policies and Procedures of Licensed Person – of the Executive Regulations of Law No. 7 of 2010, pertaining to the risk management report as per the following articles:

Article 4-2 The risk management systems of a licensed person shall include the key aspects enabling it to identify and properly manage risks; in particular these should include the following:
  1. Credit risk: it is the potential risk arising from exposure to failure by a counterparty to fulfill their obligations.
  2. Market risk: it is the potential risk arising from exposure to fluctuations in market value of assets.
  3. Liquidity risk: it is the potential risk arising from lack of cash required to meet the licensed person’s obligations as they mature.
  4. Operating risk: it is the potential risk arising from failure in financial, management or technology systems or human errors.
  5. Any other risks to which a licensed person is exposed.
Article 4-4 The Risk Management Officer shall present a risk report to the Board of Directors every six months along with providing the CMA with a copy thereof. The Board of Directors shall notify CMA immediately upon occurrence of deviation from the risk management systems and explain the actions to be taken to handle the same.

Added value to business entities from engagement of Risk Management Services in Kuwait

  1. Safeguard and maximize enterprise value.
  2. Ensure that the business entity complies with risk management requirements set forth in instructions and resolutions issued by the relevant regulators.
  3. Reduce the impact of various types of risks through an effective risk management framework that identifies, measures and analyzes such risks and uses effective techniques to address or mitigate them.
  4. Enhance the entity’s performance efficiency and ensure the integrity of its financial statements and that effective internal controls are in place.
  5. Improve credit rating.
  6. Ensure that the business entity is able to continue to provide products and services at reasonable levels if it is exposed to incidents that may disrupt them, and accordingly achieve a competitive edge.
  7. Improve the business’ operations and increase awareness of critical operational aspects.
  8. Cost savings and avoidance of financial losses.
  9. Protect interests of stakeholders, business reputation and the brand.

Risk Management Services in Kuwait provided by Baker Tilly

Baker Tilly provides consulting services to companies licensed by Capital Markets Authority, listed and other companies in connection with risk management as follows:

  1. Biannual Risk Management Reports with respect to the risks encountered by the licensed person, which will be submitted to the Board of Directors and Capital Markets Authority.

    (Reference: Executive Regulations – Module 6: Internal Policies and Procedures of Licensed Person – Chapter 4, Article 4.4)

  2. Periodic reports on the nature of risks to which a company is exposed, which will be submitted to the Risk Committee and the Board of Directors.

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/2 and 6.5/8)

  3. Assist with setting up independent risk management function, i.e. department, office or unit within the company.

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 6, 5th Rule, Article 6.3)

  4. Assist with developing risk management system including key aspects, which enable identifying and classifying all risks to which the company is exposed, methods of sound management of such risks and ongoing control techniques. Such systems shall cover in particular credit risk, market risk, liquidity risk, operating risk and any other risks that may face the Company.

    (Reference: Executive Regulations – Module 6: Internal Policies and Procedures of Licensed Person – Chapter 4, Article 4.2)

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/1)

  5. Develop Risk Committee Charter.

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 3, 2nd Rule, Article 3.7)

  6. Develop policies, procedures and forms that define and classify all risks to which the company may be exposed, the methods adopted to measure such risks, sound risk management methodologies and ongoing control techniques.

    (Reference: Executive Regulations – Module 6: Internal Policies and Procedures of Licensed Person – Chapter 4, Article 4.3)

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/1)
