All organisations have business objectives on performance and growth that must be met or exceeded whilst managing risk. The only internationally recognised standard to achieve these goals while minimising risk is Enterprise Risk Management (ERM) to ISO31000. ERM Principles, Framework and Processes are used to manage the risks and opportunities that materially influence each business objective at all levels from the coal-face to the Board. ERM drives an organisation forward to:
Meet and exceed business objectives
Define the risk appetite and reduce risk
Increase performance and revenue
Reduce incident frequency and impact
A holistic ERM approach encompasses the real estate of the organisation, projects impacting the real estate, the provision of facilities, and ongoing operations and maintenance. Within the ERM framework, Business Criticality determines the optimum stacking of facilities by locating critical business departments in appropriately resilient facilities. Business Criticality also determines vendor or landlord service levels and the incident and crisis response priorities for Business Continuity Management and Disaster Recovery.
Business operations have become increasingly complex, ‘siloed’, regulated and outsourced. Client-retained organisations are also becoming much smaller, while the relationship between the Managing Agent or Principal Vendor Partner and the ultimate client is becoming more complex. Outsourcing creates a large mismatch between risk control and ownership of consequential losses. The responsibility for Regulatory Compliance and the ownership of risks remain firmly with the client, while the ‘pain-gain’ to the vendor is small and limited by contracts. All these issues mean increased risk to the operations of an organisation. A holistic ERM approach:
Helps manage Performance, Risk and Compliance while taking advantage of market opportunities
Ensures better policy making, setting strategies, governance, compliance, all informed by horizon-scanning and oversight
Provides greater insights into Business Criticality which is key to prioritising performance and risk management of the operations
Ensures a robust Management Information System for both performance and risk that includes Incident Reports. These are used to aid continuous improvement of performance and risk, including a reduction in the operating costs and the likelihood, impact and duration of adverse incidents
CRA provide a full life-cycle facility performance and risk management service.
We are able to review and develop systems consistent with ERM requirements to ISO31000 and our client’s Business Objectives, irrespective of how narrow or wide the scope of the task. These include setting up of Policy, Strategy, Governance, Audit, Operational Risk Management (ORM), Compliance, Management Information System (MIS), KPIs, KRIs, Responsibility Assignment (RACI) matrices, down to procedures and tools. We gain a deep first-hand understanding of our client’s needs by reviewing the engagement of all stakeholders, costs, control/governance arrangements and the consequences of all management actions.
CRA can significantly improve performance and compliance while reducing the impact, duration and likelihood of adverse events. By pioneering tools and processes in several safety and mission critical industries, such as Nuclear Power, Defence and Banking, CRA can bring the benefits of cross-fertilisation from several sectors. CRA are specialists in Quantitative Risk Assessment, Business Impact Analysis, Dependency Modelling, setting and analysing KPI/KRIs, and testing performance during normal operation or in the event of disruption.
CRA can help you and your clients by working closely with your teams and stakeholders within an ERM framework to improve performance and risk.