Risk Management Consulting Services

Risk Management Consulting Services

Risk Management is the process whereby organizations methodically address the risks attached to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.Source: Institute of Risk Management

Given the critical role of risk management function, the regulators, e.g., Central Bank of Kuwait, Capital Markets Authority and Insurance Regulatory Unit, stressed the requirement to set up an organizational unit to be in charge of risk management and form a risk management committee to monitor the risk management activities and present the reports and findings to the Board of Directors.

What are Risk Management Consulting Services?

The Risk Management services comprise two key types, i.e., risk management outsourcing services and specific-scope risk management consulting services. These services contribute to enhancing the capabilities of business entities to effectively manage risks.

What is the difference between Risk Management Outsourcing and Risk Management Consulting Services?

The Risk Management Outsourcing services encompass performing the duties of Risk Management Officer as a registered position in accordance with the provisions of the Executive Bylaws of Law No. 7 of 2010 concerning the Establishment of Capital Markets Authority and Regulation of Securities Activity.

On the other hand, risk management consulting services are comprised of specific-scope consulting services as requested by business entities that have an organizational unit and job structure for risk management. These consulting services are intended to provide deliverables in line with the scope of work within a defined timeframe where the staff of risk management function within business entities will implement and follow up these deliverables.

Does the Capital Markets Authority allow licensed companies to outsource the Risk Management Activity?

Yes, the Capital Markets Authority allows this as the Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority and the Regulating Securities Activities in Module 5, Chapter 3, Article 3-2-8 sets forth the following:

A licensed person may engage an external firm to perform the tasks of the registered jobs as follows:

  1. An external firm may be engaged to perform the following tasks of the registered positions:

    • Risk Management Officer
    • …………..

What are the tasks and duties assigned to the Risk Management Officer as per the Capital Markets Authority Bylaws?

Pursuant to the provisions of Article 6-3 of Chapter 6, Module 15, “Corporate Governance” of the CMA Executive Bylaws detailing the Risk Management functions, including measurement, monitoring, and mitigation of all types of risks encountered by the Company, the risk management activity will be performed as follows:

  1. Establishing effective systems and procedures of risk management so that the company can perform the key functions thereof, i.e., measuring and monitoring all types of risks to which the Company is exposed, provided that such process shall be conducted on an ongoing basis and reviewed periodically, and such systems and procedures shall be amended when necessary.
  2. Developing periodical reporting mechanisms, as they are considered a crucial tool in the process of risks monitoring and mitigation.
  3. Reviewing transactions to be made by the Company with the related parties and making proper recommendations in this regard to the Board of Directors.

The risk management service shall be rendered in accordance with the corporate governance rules and requirements, which set forth as per the aforesaid Article, as follows:

  1. Officers of the risk department/ office/ unit shall be independent through directly reporting to the Risk Committee. In addition, they shall have significant powers enabling them to perform their roles properly without being granted financial powers and authorities or any powers or authorities that lead to conflict with their regulatory role.
  2. Such risk department/office/unit shall have qualified human resources with professional competencies and technical capabilities.

What are the advantages of outsourcing the function of a Risk Management Officer?

Here are the key advantages that business entities gain from outsourcing risk management activities:

  1. Access to specialized knowledge and expertise possessed by the external firm providing outsourced risk management services.
  2. Cost saving compared to maintaining an in-house risk management team.
  3. Enable the business entity to focus on its core activities, strategic initiatives, and revenue-generating operations.
  4. Limit the liability of the business entity and obtain risk management services according to the changing needs of the business.
  5. Ensure compliance with the latest standards and practices in risk management.
  6. Provide objectivity in the risk management process, as the external firm is not influenced by internal factors within the business entity.
  7. Rapid response to emerging risks, helping the business entity effectively deal with changing circumstances.

What are the services provided through risk management consulting?

The risk management consulting services include the following:

  1. Developing Risk Management Framework

    The Risk Management Framework is a formal structure employed by business entities to address risks effectively and systematically. The Risk Management Framework comprises:

    • Risk Management Strategy
    • Risk Profile, which includes the following:

      1. Risk Identification
      2. Risk Analysis
      3. Risk Evaluation
      4. Risk Treatment
      5. Monitoring and Communication
    • Risk Register

    Business entities should constantly review the Risk Management Framework and identify gaps therein in order to make the necessary updates ensuring its effectiveness.

  2. Reviewing and updating the Risk Management Framework

    Conducting a thorough review of the Risk Management Framework and updating it based on the review findings, ensuring that any emerging risks facing a business entity are captured and that the Risk Management Framework is in compliance with all regulatory requirements and global risk management best practices.

  3. Attending meetings with Risk Audit and Risk Committee to present periodic risk management reports

    Delivering presentations to the business entity’s Audit and Risk Committee to highlight the contents of periodic risk management reports and provide responses and explanations to any questions or inquiries raised by the Audit and Risk Committee in this respect.

  4. Preparing periodic risk management reports

    Preparing risk management reports for Boursa Kuwait-listed companies and companies licensed by the Capital Markets Authority as per the requirements set forth in the Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority, Module Six, Article 4-4, which states as follows:

    The risk management officer shall submit a risk report to the Board of Directors every six months, with a copy provided to the Authority. The Board of Directors shall inform the Authority immediately of any breaches of risk management systems and explain the procedures to be followed to address them.
  5. Risk Management Automation

    Providing advice and consultation about the most reliable software for integrated risk management automation, as well as assisting business entities in deploying such software to generate real-time reports.

  6. Setting up Risk Management Unit/ Office/ Department

    • Preparing Policies, Policies and Procedures Manuals
    • Preparing the job structure based on the Risk Management Committee’s insights on creating the risk management function
    • Preparing job descriptions for the risk management function
    • Preparing the monthly report template for the risk management function
  7. Setting up the Risk Management Committee

    • Preparing Risk Management Committee Charter
    • Preparing the job descriptions for the Risk Management Committee members
  8. Risk Management Training

    Developing and delivering training programs and workshops in risk management covering international standards, best practices, and the requirements of regulatory authorities.

What is the methodology used to provide risk management consulting services?

ISO 31000 – Risk Management is a global proven standard, which helps business entities attain long-term success through properly managing all risks that may have impact on achieving their objectives.

What is the added value to business entities from Risk Management Services?

  1. Ensure compliance with the applicable legal and regulatory requirements in the State of Kuwait.
  2. Utilize the expert knowledge and experiences brought through compliance consulting services.
  3. Maximize the competitive potential and resilience in doing business and minimize costs.
  4. Improve processes and enhance the internal control and decision-making process.
  5. Enhance stakeholders’ trust in the business entity.

What are the Services offered by Baker Tilly Kuwait?

  1. Outsourced Risk Management Officer function as per CMA requirements
  2. Risk Management Consulting, which comprises the following services:

    • Developing Risk Management Framework
    • Reviewing and updating the Risk Management Framework
    • Attending meetings with Risk Audit and Risk Committee to present periodic risk management reports
    • Preparing periodic risk management reports
    • Risk Management Automation
    • Setting up Risk Management Unit/ Office/ Department
    • Setting up the Risk Management Committee