Periodic Risk Assessment

Risk management has recently been gaining increasing attention in business due to its impact on the stability and continuity of business entities.

Such attention has led to the establishment of specialist professional organizations entrusted with issuing risk management frameworks, which include international standards intended to create common understanding, implementation, and reporting within a single country and worldwide.

Such organizations include the UK-based Institute of Risk Management (IRM) and the International Organization for Standardization (ISO), which issued ISO 31000:2009.

The Institute of Risk Management set a definition of the risk management process as follows:

“Risk management involves understanding, analyzing and addressing risk to make sure organizations achieve their objectives. So it must be proportionate to the complexity and type of organization involved. Enterprise Risk Management (ERM) is an integrated and joined up approach to managing risk across an organization and its extended networks”.

From a theoretical perspective, business entities are required to set up an organizational unit charged with examining and managing risks and reporting the same to the Board of Directors in order to make informed decisions with respect to such risks.

In view of the attention paid to risk management activity, a professional framework has been established for those interested in developing their knowledge of risk management to sit for exams and receive international specialist professional certificates in the risk management area.

In the State of Kuwait, Law No. 7 of 2010 regarding the Establishment of Capital Markets Authority and Regulation of Securities Activity and its Executive Regulations were promulgated, which include in Module 15 – Corporate Governance – the risk management requirements that are mandatory for listed and licensed companies in accordance with the following articles:

Article 6-4 The Board of Directors shall constitute a committee named Risk Management Committee, which shall comprise a minimum of three members. The Chairman of the Committee shall be a non-executive director. The Chairman of the Board of Directors may not serve as a member of this Committee. The Board of Directors shall determine the membership term and its process of activities.
Article 6-5 The minimum authorities and roles of the Committee are as follows:
  1. Develop and review risk management strategies and policies before approving the same by the Board of Directors, and ensure that such strategies and policies are implemented and that they are consistent with the nature and size of the Company’s activities.
  2. Ensure that adequate resources and systems are available to manage risks.
  3. Evaluate systems and processes of identification, measurement, and monitoring of various types of risks to which the Company may be exposed in order to identify deficiencies.
  4. Assist the Board of Directors with determining and assessing the acceptable risk appetite in the Company, and ensure that the Company will not exceed such level of risk after being approved by the Board of Directors.
  5. Review the risk management function’s organizational structure and make recommendations in this connection before approving the same by the Board of Directors.
  6. Ensure that the risk management staff members are independent of the activities, which would result in exposing the Company to risks.
  7. Ensure that the risk management employees have a thorough understanding of risks surrounding the Company, and enhance the staff’s awareness of risk culture and recognition.
  8. Prepare periodic reports on the nature of risks to which the Company is exposed, and submit such reports to the Company’s Board of Directors.
  9. Review the issues raised by the related audit committee, which may affect the risk management within the Company.
  10. The Risk Management Committee shall hold regular meetings at least four times during the year and when needed. The Committee shall record the minutes of its meetings.
Article 6-3 The Company’s organizational structure (as approved by the Board of Directors) shall include an independent risk management department/ office/ unit, which will primarily measure, monitor, and mitigate all types of risks facing the Company as per the following:
  1. The Company shall develop effective risk management systems and procedures in order to be able to perform its key roles, i.e. measurement and monitoring of all types of risks to which the Company is exposed. This process shall take place on an ongoing basis and be regularly reviewed. Such systems and procedures shall be amended as and when required.
  2. The Company shall develop the periodic reporting systems since these represent a critical tool for the process of risk management monitoring and mitigation.
  3. The staff in charge of the risk management department/ office/ unit shall have independence by reporting directly to the Board of Directors. In addition, they shall have a significant amount of authority enabling them to properly perform their roles without granting them financial powers and authority.
  4. The risk management department/ office/ unit shall have qualified human resources who have professional competencies and technical capabilities.
  5. Review the deals and transactions that the Company proposes to enter into with the related parties, and provide appropriate recommendations in connection therewith to the Board of Directors.

In light of the above, the following is a summary of the risk management reports that listed and licensed companies should prepare:

  1. Periodic reports by the Risk Committee about the nature of risks to which the Company is exposed, which reports will be presented to the Board of Directors.
  2. The Integrated Report shall include a section covering the risks facing the Company, for the use of the Board of Directors and the executive management.

It is worth mentioning that the above reports are for internal use and are not required to be submitted to the Capital Markets Authority. However, the CMA has the right to request to review them when conducting an inspection.

Furthermore, the companies licensed by the CMA shall comply with the provisions of Module 6 – Internal Policies and Procedures of Licensed Person – of the Executive Regulations of Law No. 7 of 2010, pertaining to the risk management report as per the following articles:

Article 4-2 The risk management systems of a licensed person shall include the key aspects enabling it to identify and properly manage risks; in particular, these should include the following:
  1. Credit risk: it is the potential risk arising from exposure to failure by a counterparty to fulfill their obligations.
  2. Market risk: it is the potential risk arising from exposure to fluctuations in the market value of assets.
  3. Liquidity risk: it is the potential risk arising from the lack of cash required to meet the licensed person’s obligations as they mature.
  4. Operating risk: it is the potential risk arising from failure in financial, management or technology systems or human errors.
  5. Any other risks to which a licensed person is exposed.
Article 4-4 The Risk Management Officer shall present a risk report to the Board of Directors every six months along with providing the CMA with a copy thereof. The Board of Directors shall notify CMA immediately upon the occurrence of deviation from the risk management systems and explain the actions to be taken to handle the same.

Added value to business entities from the engagement of Risk Management Services in Kuwait

  1. Safeguard and maximize enterprise value.
  2. Ensure that the business entity complies with risk management requirements set forth in instructions and resolutions issued by the relevant regulators.
  3. Reduce the impact of various types of risks through an effective risk management framework that shall identify, measure, analyze, and use effective techniques to address or mitigate such risks.
  4. Enhance the entity’s performance efficiency and ensure the integrity of its financial statements and effective internal controls in place.
  5. Improve credit rating.
  6. Ensure that the business entity is able to continue to provide products and services at reasonable levels if it is exposed to incidents that may cause disruption thereof, and accordingly, achieve a competitive edge.
  7. Improve the business’ operations and increase awareness of critical operational aspects.
  8. Cost savings and avoidance of financial losses.
  9. Protect the interests of stakeholders, business reputation, and the brand.

Risk Management Services in Kuwait provided by Baker Tilly

Baker Tilly provides consulting services to companies licensed by the Capital Markets Authority, listed companies, and other companies in connection with risk management as follows:

  1. Biannual Risk Management Reports with respect to the risks encountered by the licensed person, which will be submitted to the Board of Directors and Capital Markets Authority.

    (Reference: Executive Regulations – Module 6: Internal Policies and Procedures of Licensed Person – Chapter 4, Article 4.4)

  2. Periodic reports on the nature of risks to which a company is exposed, which will be submitted to the Risk Committee and the Board of Directors.

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/2 and 6.5/8)

  3. Assist with setting up an independent risk management function, i.e. department, office, or unit within the company.

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 6, 5th Rule, Article 6.3)

  4. Assist with developing a risk management system including key aspects, which enable identifying and classifying all risks to which the company is exposed, methods of sound management of such risks, and ongoing control techniques. Such systems shall cover in particular credit risk, market risk, liquidity risk, operating risk, and any other risks that may face the Company.

    (Reference: Executive Regulations – Module 6: Internal Policies and Procedures of Licensed Person – Chapter 4, Article 4.2)

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/1)

  5. Develop Risk Committee Charter

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 3, 2nd Rule, Article 3.7)

  6. Develop policies, procedures, and forms that define and classify all risks to which the company may be exposed, the methods adopted to measure such risks, sound risk management methodologies, and ongoing control techniques.

    (Reference: Executive Regulations – Module 6: Internal Policies and Procedures of Licensed Person – Chapter 4, Article 4.3)

    (Reference: Executive Regulations – Module 15: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/1)
