1) to Assess Organizational
Risk Management Practices
The entire senior management team should be able to identify your
organization's top five risks and the strategies in place to address them.
In today’s environment, an integrated risk management function is essential to an organization’s survival.
But one size does not fit all when it comes to risk management. Building a sound risk management
program starts with asking the right questions so you can identify and prioritize your organization’s
unique risks and vulnerabilities – and create a risk mitigation strategy from there.
First and foremost:
Does the organization have a process for
the formal identification of risks?
What's the likelihood the identified risk events will occur?
What's the impact (financial and non-financial)
if they do occur?
Weighting of Assessment Factors: Should likelihood and
impact be weighted equally? Should the various non-financial impact
factors be given the same weighting as financial?
Risk Appetite: What is your organization's desired balance of risk and
return? Consider the distribution of risk across categories, including
financial, market, operational and compliance risk.
Frequency or
What are the financial
and non-financial
Consider these additional factors in connection with your risk assessment:
What is your organization's level of
preparedness, agility, adaptability
and responsiveness? How quickly
could risk events occur with little
or no warning?
What level of comfort
do we gain from our preventive
and detective controls and
processes in mitigating these
Risk Trend:
Roles for
Risk Mitigation:
Would this risk precipitate or
impact another risk if the event
occurs? Risks rarely exist in
Think risk management is not your
job? Board members, senior
executives and every staff person
all have roles to play. Do they all
understand their responsibilities?
Is this risk increasing or
decreasing in impact or likelihood
since the last assessment? Risk
trend should be considered in
developing appropriate risk
Based on your assessment, what
is the organization's plan for
mitigating each critical risk?
For more information, visit http://bit.ly/1X1rfX4 or contact
Gerard Zack, Managing Director in BDO's Global Forensics practice 202-644-5404 / gzack@bdo.com
Vicky Gregorcyk, National Leader in BDO's Risk, Management & Technology practice 713-407-3955 / vgregorcyk@bdo.com
BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and
forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO
Member Firms. For more information please visit: www.bdo.com.
Material discussed is meant to provide general information and should not be acted on without professional advice tailored to your firm’s individual
needs. © 2016 BDO USA, LLP. All rights reserved.