Risk Advisory

Know Your Risks in Order to Manage
Them Effectively

At Cherry Bekaert, we believe that an organization’s Enterprise Risk Management (ERM) activities must include continuous sharing of knowledge and information that describes the relationships among the following:

  • The strategic enterprise objectives and activity level objectives of the organization;
  • Downside risk – the inherent and residual nature of risks affecting the attainment of objectives;
  • Upside risk – the sources of opportunities that might facilitate the attainment of objectives; and
  • The control mechanisms available to mitigate identified downside risks and enable the organization to gain competitive advantage through taking opportunities.

Our View of Risk

Organizations typically fail to meet goals, incur losses or make substantial misjudgments for three main reasons:

  • Unseen Risk – failure to foresee emerging risks; e.g. blindsided by the unanticipated;
  • Known Risk – not properly managing known risk; e.g. unintended consequences; or
  • Control Failure – reliance on inadequate controls which fail to mitigate the risk as expected.

We are not referring to “Black Swan” events, which include the most unlikely occurrences and which are arguably highly unpredictable. However, we do consider risks in the ordinary course of business that most organizations face.

Our ERM Services include tools designed to facilitate management’s ability to identify, assess and manage the organizational risks that affect their ability to accomplish objectives. As part of our integrated service approach, we utilize facilitated risk and control self-assessment techniques to help management understand the relationships between objectives, risks and control activities.

Through our ERM approach, management can clearly identify and understand the relative significance of enterprise and organizational level risks so that it can develop cost effective mitigation strategies for underserved risk areas and identify areas of over-control to better allocate resources. Additionally, management’s enhanced understanding of risk provides the basis from which it can determine the nature of risk and control monitoring. Whether using self-assessment, IT audit, internal audit or forensic procedures, effective monitoring ensures that risk mitigation strategies are operating effectively and residual risk is in line with management’s risk tolerance or risk appetite.

Additionally, we understand that effective ERM does not result from a “one-time” project, but must be embedded in the business culture in order to be sustainable and help gain competitive advantage. This only results from the continuous discussion of objectives, risks and controls among all employees. Therefore, we design our services to provide management with the knowledge, tools and methodologies to maintain their enterprise risk management activities with or without ongoing assistance from Cherry Bekaert.