Involving stakeholders in risk management practices is key since they may have input to risk identification and assessment processes.
Some of the key stakeholders that may be involved include:
1. The B.O.D – Senior management is charged with managing the organization on behalf of other shareholders and directors. The senior management is likely to be involved in:
- Assessment and management of strategic risk in their strategic planning process.
- Expression of organization risk appetite as part of the organization core values and policies.
- Formulation of risk management policies at high level which will cascade down to formulation of risk management and the rules by functional heads or managers.
2. Risk Management Function – There may be a dedicated risk officer or function in an organization with defined responsibility for formulating risk policies, assessing organization risk, coordinating risk management planning and responding to risk events.
3. External and Internal audit functions – Specialist auditors are engaged to carry out independent investigations into corporate finances and internal control of the organization. Their audit report often contains:
- Identification of areas of potential vulnerability.
- Unmanaged risks.
4. Internal Audit function – In house auditors who have an on-going responsibility to ensure that internal controls are adequately and effectively applied. The work of internal audit functions covers all aspects of the organization activities and not just the financial aspects, examining and testing all internal controls in the organization and making recommendation for improvement. In the context of risk management, internal audit will work closely with all other departments. In procurement context, auditors might test the adequacy of controls embedded in supplier appraisal, tendering procedures, contract development and management.
5. Procurement and supply function – Has specific role of mitigation losses to the whole organization by:
- Monitoring, identifying and assessing supply chain, supplier and market risks.
- Conducting supplier prequalification and appraisal to minimize supplier risk.
- Developing contracts to minimize commercial and supply risk the use of contractual terms.
- Managing contracts, suppliers and supplier performance in order to minimize financial, project, operational and reputational risks in regard to high risk sourcing strategies.
- Supply information and expertise for risk evaluation of strategic decisions.
- Managing commercial and financial risks of the organization external expenditure.
- Managing risks inherent in outsourced contracts and other supply structures of relationships.
6. Third party risk auditing and assessment services – 3 rd party risk management consultants may be given on going or project based responsibility for identification and assessment of defined corporate risk.
7. Supplier involvement – Suppliers can be involved in delivery of risk management strategy via:
- Total involvement – Encouraging risk awareness at all points of contact with the supply network.
- Cross functional collaboration – Developing an integrated process focused approach identification and management across the internal and external risk factors.
- Supply Chain collaboration and contribution – This is by use of mechanisms such as:
- Formally and informally gathering information from suppliers about risk factors in the supply market, both at the market engagement, supplier appraisal and prequalification stage.
- Gathering feedback from suppliers about risk factors arising from systems and processes.
- Collaboration to minimize risk through negotiated agreements, specifications and terms.
- Early supplier involvement in new product development.
- Securing, motivating and rewarding the willingness of suppliers to share the risk.
- Securing, motivating and managing supplier compliance and diligence with regard to quality, ethics and corporate responsibility issues.
- Developing information flows across the supply chain to increase risk visibility and support for lean supply
