Risk Management Consulting

Risk Management Consulting

Risk Management Consulting

Risk management has been recently gaining increasing attention in business due to its impact on the stability and continuity of business entities. In this context, regulators, e.g. Central Bank of Kuwait and Capital Markets Authority, issued a set of instructions to businesses, which are subject to their supervision, for compliance therewith in order to maintain a stable business environment

Added value to business entities from Enterprise Risk Management (ERM) Services

  1. Safeguard and maximize enterprise value;
  2. Ensure that the business entity complies with risk management requirements set forth in instructions and resolutions issued by the relevant regulators;
  3. Reduce impact of various types of risks through effective risk management framework that shall identify, measure, analyze, and use effective techniques to address or mitigate such risks;
  4. Enhance entity’s performance efficiency and ensure integrity of its financial statements and effective internal controls in place;
  5. Improve credit rating;
  6. Ensure that the business entity is able to continue to provide products and services at reasonable levels if they are exposed to incidents that may cause disruption thereof, and accordingly, achieve the competitive edge;
  7. Improve the business’ operations and increase awareness of critical operational aspects;
  8. Cost savings and avoidance of financial losses; and
  9. Protect interests of stakeholders, business reputation and the brand.

Services provided by Baker Tilly

Baker Tilly provides consulting services to companies licensed by Capital Markets Authority and listed companies in connection with risk management as follows:

  1. Risk Management Reports Service:

    • Assist the licensed persons with preparing the biannual report with respect to the risks encountering the licensed person, which is submitted to the board of directors and Capital Markets Authority.
      (Reference: Executive Regulations – Rule Book VI: Internal Policies and Procedures – Chapter 4, Article 4.4)
    • Assist the listed companies and licensed companies, both listed and unlisted, with preparing the regular reports on the nature of risks to which a company is exposed, which are submitted to the risk committee and the board of directors.
      (Reference: Executive Regulations – Rule Book XV: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/2 and 6.5/8)
  1. ERM related Management & Compliance Consulting Services:

    • Assist with creating independent risk management function, i.e. department, office or unit within the company;
      (Reference: Executive Regulations – Rule Book XV: Corporate Governance, Chapter 6, 5th Rule, Article 6.3)
    • Assist with developing risk management system including key aspects, which enable identifying and classifying all risks to which the company is exposed, methods of sound management of such risks and ongoing control techniques. Such systems shall cover in particular credit risk, market risk, liquidity risk, operating risk and any other risks that may face the Company;
      (Reference: Executive Regulations – Rule Book VI: Internal Policies and Procedures – Chapter 4, Article 4.2)
      (Reference: Executive Regulations – Rule Book XV: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/1)
    • Develop Risk Committee Charter;
      (Reference: Executive Regulations – Rule Book XV: Corporate Governance, Chapter 6, 5th Rule, Article 6.5)
    • Develop policies, procedures and forms that define and classify all risks to which the company may be exposed, the methods adopted to measure such risks, methods of sound management of such risks and ongoing control techniques.
      (Reference: Executive Regulations – Rule Book VI: Internal Policies and Procedures – Chapter 4, Article 4.3)
      (Reference: Executive Regulations – Rule Book XV: Corporate Governance, Chapter 6, 5th Rule, Article 6.3/1)
  1. Business Continuity Plan (BCP)

    On the other hand, the Business Continuity Plan (BCP) and the Disaster Recovery Plan (DRP) are integral components of the overall ERM framework. The importance of business continuity lies in ensuring the entity’s resilience to threats and risks it may face, developing strategies and plans that enable the entity to continue or resume its operations in unusual or adverse circumstances through a robust and reliable framework, and ultimately achieving stability, security and protection of the interests of all stakeholders. Business continuity management is closely associated with corporate governance, information security and compliance.

    Baker Tilly develops the required plans and procedures that ensure continuity of functions, activities, operations and systems if the entity is exposed to any incidents or obstacles that affect its business. BCP will be based on identifying various threats and risks that an entity may encounter, identifying critical products or services to be made available and offered, defining necessary resources and activities for business continuity such as availability of key personnel, business processes, retrieval of critical records, provision of supplies and coordination with external agencies, being aware of techniques of transition to implementation of and training in alternative business, and ongoing monitoring and evaluation of the situation.

    It is noteworthy that Baker Tilly Kuwait is a certified partner of Business Continuity Institute.
  1. Prequalification of entities to implement Business Continuity Management System (BCMS – ISO 22301)

    Baker Tilly provides prequalification of entities to implement Business Continuity Management System through conducting the gap analysis to identify gaps between the existing situation and ISO requirements including development of documents, entity’s staff training up to obtaining the certification and providing technical support during the certification validity period of three years.

  1. Disaster Recovery Plan (DRP)

    It is a set of policies and procedures that a business has to follow in case of disasters in order to recover and rebuild the infrastructure including hardware, systems and significant resources of the business. It is intended to recover from the effects of disaster to which a business may be exposed, including natural disasters or those caused by catastrophic failures affecting systems and utilities. A business should carry out drills on the disaster recovery plan, which should be approved by the entity’s senior management.