Last week’s shocking detail released about the events concerning the Alton Towers court case is one that we never want to hear again.
What struck me, apart from the victims’ bravery and strength in these recent months, was how the owner of Alton Towers handled the matter from day one and how very unprepared they were for a disaster like this to happen.
We tend to think that we have the boxes ticked in respect of our systems and controls – particularly and in this case, our business continuity and disaster recovery plans, but in reality, how do they stack up? Within the financial services environment we clearly don’t need to have the same level of concern over personal health and safety like Alton Towers, but what about the safety and the management of risk in other areas of our businesses?
Do you operate a tick box exercise where you want to cover your back – ‘just in case’, or do you make these systems and controls real and aligned to your own business? Here are 5 tips to help your thought processes on this matter.
- The FCA categorises risk into a variety of areas e.g. prudential risk, conduct risk, reputational risk etc. As a senior management team, brainstorm how each of these areas can be applied to your own business model.
- Think big and then start to categorise these areas from the macro- ‘out of your own control’ type of risks (e.g. economic breakdown of the economy, lightening striking the office building), then drilling down to the detail of risk within your own business.
- Think about the fact that you run a business – what kinds of risks do you face as a business? Cashflow, startup costs, human resource, product mix? Just a few areas to consider.
- Now consider the fact that you are a regulated firm. What additional risks do you, as a business have at this level? (e.g. Advisers not competent? Systems & Controls not rock solid?).
- Consider the operational departments within your business and the variety of functions within it. Ask your teams to conduct a departmental risk analysis. These people know their jobs better than you, so they will be able to identify the kinds of risks that might be off your radar.
- Are there any key functions / individuals within the business that need to be considered? Do you have succession plans in place? Relevant insurances etc?
If you carry out the above analysis, you’ll be well on your way to the provision of a valuable insight into current risk levels within your firm.
The results of this analysis are not meant to be left on the shelf. Their purpose is to act as a starting point to a work in progress, so that at any one point in time you are able to see how your business is willing to carry risk and at what level of impact and probability.
If you think you might need some help, get in touch with us via our website www.chameleoncompliance.co.uk, telephone 07880 483 806, or email us at firstname.lastname@example.org.